Mobile device and method attributing media services network usage to requesting application

ABSTRACT

A wireless end-user device has a wireless modem, a network stack configurable to receive and transmit data via the modem and a wireless network, and two Application Programming Interfaces (APIs) available to device applications. The first API allows applications to open and use data flows via the network stack. The second API allows applications to make data transfer requests for media objects associated with network resource identifiers. The second API prompts a media service manager to manage network data transfers for the media object via the network stack. A service classification agent associates wireless network data usage for the media object network data transfers with the device application making the request.

BACKGROUND

With the advent of mass market digital communications, applications andcontent distribution, many access networks such as wireless networks,cable networks and Digital Subscriber Line (DSL) networks are pressedfor user capacity, with, for example Evolution-Data Optimized (EVDO),High Speed Packet Access (HSPA), Long Term Evolution (LTE), WorldwideInteroperability for Microwave Access (WiMax), DOCSIS, DSL, and WirelessFidelity (Wi-Fi) becoming user capacity constrained. In the wirelesscase, although network capacity will increase with new higher capacitywireless radio access technologies, such as Multiple-InputMultiple-Output (MIMO), and with more frequency spectrum and cellsplitting being deployed in the future, these capacity gains are likelyto be less than what is required to meet growing digital networkingdemand.

Similarly, although wire line access networks, such as cable and DSL,can have higher average capacity per user compared to wireless, wireline user service consumption habits are trending toward very highbandwidth applications and content that can quickly consume theavailable capacity and degrade overall network service experience.Because some components of service provider costs go up with increasingbandwidth, this trend will also negatively impact service providerprofits. In addition, it is becoming increasingly important to associatedevice access network services usage (e.g., network data services usage,voice services usage, etc.) to the applications (e.g., application,widget, service, process, embedded object, or any combination of these,etc.) that are using the services.

The foregoing example of trends and issues is intended to beillustrative and not exclusive. Other limitations of the art will becomeapparent to those of skill in the relevant art upon a reading of thespecification and a study of the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a functional diagram of a network architecture forproviding quality of service (QoS) for device assisted services (DAS)and/or for providing DAS for protecting network capacity in accordancewith some embodiments.

FIG. 2 illustrates another functional diagram of another networkarchitecture for providing quality of service (QoS) for device assistedservices (DAS) and/or for providing DAS for protecting network capacityin accordance with some embodiments.

FIG. 3 illustrates a functional diagram of an architecture including adevice based service processor and a service controller for providingquality of service (QoS) for device assisted services (DAS) and/or forproviding DAS for protecting network capacity in accordance with someembodiments.

FIGS. 4A through 4C illustrate a functional diagram for providingquality of service (QoS) for device assisted services (DAS) inaccordance with some embodiments.

FIG. 5 illustrates a functional diagram for generating a QoS activitymap for quality of service (QoS) for device assisted services (DAS) inaccordance with some embodiments.

FIG. 6 illustrates a functional diagram for quality of service (QoS) fordevice assisted services (DAS) for an end to end coordinated QoS servicechannel control in accordance with some embodiments.

FIG. 7 illustrates a flow diagram for quality of service (QoS) fordevice assisted services (DAS) in accordance with some embodiments.

FIGS. 8A through 8C each illustrate another flow diagram for quality ofservice (QoS) for device assisted services (DAS) in accordance with someembodiments.

FIG. 9 illustrates another flow diagram for quality of service (QoS) fordevice assisted services (DAS) in accordance with some embodiments.

FIG. 10 illustrates another flow diagram for quality of service (QoS)for device assisted services (DAS) in accordance with some embodiments.

FIG. 11 illustrates another flow diagram for quality of service (QoS)for device assisted services (DAS) in accordance with some embodiments.

FIG. 12 illustrates a device stack for providing various service usagemeasurement techniques in accordance with some embodiments.

FIG. 13 illustrates another device stack for providing various serviceusage measurement techniques in accordance with some embodiments.

FIG. 14 illustrates a flow diagram for device assisted services (DAS)for protecting network capacity in accordance with some embodiments.

FIG. 15 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments.

FIG. 16 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments.

FIG. 17 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments.

FIG. 18 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments.

FIG. 19 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments.

FIG. 20 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments.

FIG. 21 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments.

FIG. 22 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments.

FIG. 23 illustrates a network capacity controlled services prioritylevel chart for device assisted services (DAS) for protecting networkcapacity in accordance with some embodiments.

FIG. 24 depicts a diagram of a network capacity protection systemutilizing device-assisted services (DAS).

FIG. 25 depicts a diagram an example of a differential access controlnotification system.

FIG. 26 depicts an example of a computer system on which techniquesdescribed in this paper can be implemented.

FIG. 27 depicts a diagram of an example of a system forapplication-specific differential network access control.

FIG. 28 depicts an example of a system for flow tracking.

FIG. 29 depicts a flowchart of an example of a method of flow tracking.

FIG. 30 depicts an example of a system with a tagged traffic flow.

FIGS. 31A and 31B depict a flowchart of an example of a method ofvirtual tagging.

FIG. 32 depicts an example of a system for classification mapping usingvirtual tagging.

FIG. 33 depicts an example of a media service classification system.

FIG. 34 depicts a conceptual diagram of a proxy encapsulated frame.

FIG. 35 depicts an example of a system for proxy client counting.

FIG. 36 depicts an example of a system for classifying traffic andenforcing a service policy based upon the classification.

FIG. 37 depicts a flowchart of an example of a method for flow taggingand enforcing service policies associated with an identified initiatorof the flow.

DETAILED DESCRIPTION

The invention can be implemented in numerous ways, including as aprocess; an apparatus; a system; a composition of matter; a computerprogram product embodied on a computer readable storage medium; and/or aprocessor, such as a processor configured to execute instructions storedon and/or provided by a memory coupled to the processor. In thisspecification, these implementations, or any other form that theinvention may take, may be referred to as techniques. In general, theorder of the steps of disclosed processes may be altered within thescope of the invention. Unless stated otherwise, a component such as aprocessor or a memory described as being configured to perform a taskmay be implemented as a general component that is temporarily configuredto perform the task at a given time or a specific component that ismanufactured to perform the task. As used herein, the term ‘processor’refers to one or more devices, circuits, and/or processing coresconfigured to process data, such as computer program instructions.

A detailed description of one or more embodiments of the invention isprovided below along with accompanying figures that illustrate theprinciples of the invention. The invention is described in connectionwith such embodiments, but the invention is not limited to anyembodiment. The scope of the invention is limited only by the claims andthe invention encompasses numerous alternatives, modifications andequivalents. Numerous specific details are set forth in the followingdescription in order to provide a thorough understanding of theinvention. These details are provided for the purpose of example and theinvention may be practiced according to the claims without some or allof these specific details. For the purpose of clarity, technicalmaterial that is known in the technical fields related to the inventionhas not been described in detail so that the invention is notunnecessarily obscured.

As the network capacity gains are less than what is required to meetgrowing digital networking demand, a network capacity crunch isdeveloping due to increasing network congestion on various wirelessnetworks, such as mobile networks. The increasing popularity of varioussmart phone devices, net book devices, tablet computing devices, andvarious other wireless mobile computing devices, which are becomingincreasingly popular on 3G, 4G, and other advanced wireless networks, iscontributing to the network capacity crunch. Some network carriers haveindicated that a relatively small number of users on such devices demanda disproportionately significant amount of their network capacity. Forexample, AT&T has recently indicated that about 3 percent of its smartphone device users (e.g., Apple iPhone® users) are generatingapproximately 40 percent of the operator's data traffic.

For example, in wireless networks, managing the wireless accessconnection capacity and network access connection resources is importantto maintain network performance as network resources/capacity demandincreases. Many network performance measures can be advantageouslymaintained or improved as network loading increases if capacitymanagement and/or network resource management is employed. For example,these performance measures include network availability; the ability todeliver connections to all devices, users and/or applications seekingconnections and enabled for service on the network; network accessattempt success rate; the transmission speed experienced by one or moredevices, users or applications; the average transmission speedexperienced by all devices, users and/or applications; network bit errorrate or packet error rate; the time delay from network access request todelivered access connection; the one-way delay or round-trip delay for atransmission; the delay timing jitter for a transmission; the timevariation in transmission speed for one or more connections; the abilityof the network to deliver various requested/needed levels of Quality ofService (QoS) to devices, users or applications that requiredifferentiated connection QoS classes; the ability of the network tomaintain efficiency (e.g., aggregated service throughput measured acrossall devices, users, and/or applications); the ability of the network toshare or distribute a performance measure (e.g., the performancemeasures listed above) uniformly or fairly across multiple devices,users, and/or applications that all have the same service quality classor the same service plan performance parameters.

For example, if there is a limited amount of shared bandwidth for a setof user devices (e.g., a set of devices on a wireless network, such as agiven base station or base station controller or femto cell or picocell; or a set of devices on a cable modem networks, etc.), and ifmultiple and/or all devices allow all applications to indiscriminatelyaccess or attempt to access network resources or transmit/receivetraffic, then the network can generally become overloaded. As a result,a subset of users/devices or in some cases most or all users/devicesobtain poor network performance. As another example, if one or moredevices forming a subset of devices on the network allow multiple and/orall applications to indiscriminately access or attempt to access networkresources or transmit/receive traffic, then the network can becomeoverloaded. As a result, a subset of users/devices or in some cases mostor all users/devices obtain poor network performance.

Traditionally, mobile devices typically have specialized designs thatare optimized to preserve network capacity and protect network resourcesfrom being over taxed. For example, wireless devices that browse theInternet often use specialized protocols such as WAP and data trafficcompression or low resolution techniques rather than standard HTTPprotocols and traffic used in wired Internet devices.

However, the wireless devices that implement specialized methods foraccessing the Internet and/or other networks often implement complexspecifications provided by one or more wireless carriers that own thenetworks that the device is designed to connect to. Such complexspecifications often require time consuming design, testing, andcertification processes. These processes in part have the effect ofnarrowing the base of device suppliers to those qualified and willing toperform the specialized design work required, slowing time to market fornew devices, increasing the expense to develop new devices and reducingthe types of applications that are supported.

Device OEMs have recently created wireless devices that are designedmore like standard Internet devices and not fully optimized to preservenetwork capacity and resources. Many wireless service customers desirethis type of device, and the OEMs generally want to reduce thecomplexity and time to market to deliver such devices. In addition, newmarket needs and new government requirements sometimes require thatcarriers offer a more open process for bringing new devices onto theirnetwork, in which the process does not require all of the specializeddesign and certification described above. These and various otherfactors are driving a growing need and trend for less complex and timeconsuming wireless device design and certification processes.

This trend has led many carriers to begin selling devices that aredesigned more as standard Internet service devices that connect to theInternet and other data networks through carrier wireless networks. Asthe cellular network is opened up to more and more new devices,applications and markets, there is a growing demand to allow generalpurpose Internet devices and applications to gain access to wirelessnetworks without necessarily going through specialized design andcertification process requirements to make the devices and applicationsefficient and authorized for access to such wireless networks.

However, general purpose Internet devices are not as frugal or sparingwith wireless network access bandwidth. Moreover, with the advent ofalways on wide area network connections to the Internet has led topopular Internet services and applications that typically assume veryinexpensive access and generally heed no attention to, for example,network busy state. As more general purpose Internet devices areprovided for us on various wireless networks (e.g., mobile wirelessnetworks), a high frequency of inefficient wireless network accessescontinue to rise, which can reduce network capacity sometimes to levelsthat hinder access to service for that device (e.g., user, device,software demand) and/or other devices on that wireless network and/orthat wireless network segment. As discussed above, judicious use ofwireless network bandwidth, capacity, and resources generally results inbetter service for all users, but at present, device manufacturers andwireless network providers (e.g., wireless network carriers or carriers)have not provided or implemented more intelligent bandwidth usagetechniques. These factors generally result in less carrier control ofdevice design, which poses a threat to longer term network capacity andperformance preservation as the volume of devices with less optimizedwireless designs continues to grow.

There are many network performance and user performance factors that areimpacted by the efficiency of the network, including, for example,overall network congestion; the access network performance experiencedby one or more groups of users, devices, applications, network servicesources, communication protocols, and/or operating system functions;and/or the performance experienced by a given user, device, application,network service source, communication protocol, and/or operating systemfunction. Under a relatively low capacity demand of a wireless network,network performance as experienced by a group of devices, applications,network service sources, communication protocols, operating systemfunctions, and/or users or by a single device, application, networkservice source, communication protocol, operating system function,and/or user can degrade somewhat proportionally (e.g., aggregate trafficdelivered by the network may be roughly proportional to the peakavailable network traffic) with incremental increases in network accessand/or traffic demand from one or more groups of users, devices,applications, network service sources, communication protocols and/oroperating system functions. However, as network resources/networkcapacity demand increases (e.g., more wireless network data traffic isdemanded in aggregate; more devices are serviced by the network; moreusers are serviced by the network; more applications are serviced by thenetwork; more network service sources are serviced by the network; moreoperating system functions are serviced by the network; and/or moredifferentiated QoS sessions are serviced by the network), networkavailability/performance can decrease and/or the network may notadequately service one or more users, devices, applications, networkservice sources, communication protocols, and/or operating systemfunctions, or may not service one or more groups of users, devices,applications, network service sources, communication protocols, and/oroperating system functions.

There are many examples of how increasing network capacity demand candecrease network performance, including for example, to a decrease inaverage bandwidth offered per device (e.g., one or more users on adevice, application, network service source, communication protocol,and/or operating system function executed/implemented on the device); anincrease in traffic delivery latency; an increase in traffic deliverylatency jitter; insufficient guaranteed or differentiated bandwidth forone or more differentiated QoS and/or dynamic QoS services (e.g., asdescribed herein) to one or more devices, users, applications, networkservice sources, communication protocols, and/or operating systemfunctions; increased latency for bandwidth reservation services;increased latency for QoS reservation services; performance problemswith one or more communication protocols; unacceptable delays in userexperience, and/or various other or similar consequences and device oruser impacts resulting from reduced network availability and/or reducednetwork capacity. Examples of network communication protocols that canhave degraded performance with excessive network loading or degradednetwork performance include, for example, Internet protocol (IP), HTMLprotocols, voice communication protocols including VOIP protocols,real-time video communication protocols, streaming media protocols(e.g., audio, video, etc), gaming protocols, VPN protocols, filedownload protocols, background service protocols, software updateprotocols, and/or various other network communication protocols. Thus,is it important to preserve/protect network capacity.

It is also important to control the number of transactions demanded froma given network resource (e.g., edge network segment, base station, basestation controller, MAC resources, pico cell, femto cell, etc.) in agiven period of time so that demand does not overcome the transactionservicing ability of that network resource. For example, networkresources that should not be subjected to excess transaction demand caninclude base station or base station controller resources, media accesscontrol (MAC) resources, traffic transport resources, AAA resources,security or authentication resources, home agent (HA) resources, DNSresources, resources that play a part in network discovery, gateway orrouter resources, data session reservation or establishment resources(e.g., network resources required to manage, set up, conduct, and/orclose service sessions, PPP sessions, communication flows, communicationstreams, QoS flows, radio access bearer reservation resources, tunnels,VPNs, APNs, special service routing, etc.), bandwidth reservationresources, QoS reservation or coordination resources, QoS transportresources, service charging resources, traffic analysis resources,network security resources, and/or various other or similar networkresources. In some networks, the network performance degradation due toa given measure of incremental increase in network resource/capacitydemand can become relatively large as various network resources becomeincreasingly taxed due to either limited transaction processingcapability or limited traffic bandwidth for one or more of the networkresources that participate in establishing, servicing, conducting,maintaining, and/or closing the necessary network service connectionsand/or information exchanges required to conduct a service activity. Forexample, if the equipment required to establish a PPP session can onlyhandle a certain number of new PPP session openings and/or closings pergiven period of time, and if device behavior is such that PPP sessionsare often opened and/or closed, then the rate of PPP sessiontransactions (e.g., openings and/or closings) can exceed the transactioncapacity of the PPP session management resources. This is sometimesreferred to as “flooding” or “overloading” a network resource withexcess demand or excess connections, and, in such cases, the networkresource may begin falling behind in servicing transaction demand in awell controlled manner (e.g., the network resource may continueprocessing transactions at or near a maximum rate for that networkresource), or in some cases, the resource may fall behind transactiondemand in a less well controlled manner (e.g., the network resource maybecome overwhelmed such that its processing rate not only falls belowaggregate transaction demand, but the transaction rate processingcapability decreases under overload as well). In the PPP sessionestablishment resource example, once the rate of requested transactionsexceeds the resource maximum transaction rate, then unmet device demandcan grow to a point where one or more devices experiences delays inconnecting to and/or communicating (e.g., sending/receiving data) withthe network.

As another example, in any type of random access bandwidth reservationprotocol, MAC protocol, or bandwidth delivery protocol, in a networkwithout proper management and/or control of traffic access reservationsand/or transmissions, as the network demand increases there may be morecollisions between reservation requests, traffic transmissions,application demands, network service source demands, communicationprotocol demands, and/or operating system function demands causing adecreasing network efficiency that can degrade user, device, applicationand/or network service performance so that performance falls belowacceptable levels. As another example, in systems in which there is aQoS service session reservation system, uncontrolled and/or unmanagedQoS reservation requests and/or reservation grants can lead to asituation where the QoS reservation resources and/or QoS servicedelivery resources are over taxed to the point where QoS serviceperformance falls below desired levels. As another example, in networksthat require some form of minimum resource allocation for transmissions,reservations, or network resource transactions, the network can becomeinefficient if one or more devices, applications, network servicesources, operating system functions, and/or communication protocols havea relatively high rate of network resource access attempts, networkaccesses or data transmissions for small transmission payloads (e.g.,minimum MAC reservation factors, minimum security overhead factors,minimum QoS reservation factors, minimum time responses for establishinga base station connection, minimum time responses for establishing orclosing/being released from a session, etc). Even if the data packetcomprising the access event is small, the network resources required tocomplete the access event are often busy servicing the access event formuch longer periods of time than are required for the actual datatransmission.

Another example of device service activity behavior that can have animpact on network performance is the way the device, device subsystem,and/or modem subsystem power cycling or transitions from one power savestate to another. For example, establishing a basic connection from adevice to a wireless base station consumes base station resources for aperiod of time and in some cases can also consume other networkresources such as AAA, HLR, HA, gateway, billing, and/or charginggateway resources. If a device terminates the connection to the basestation when the modem subsystem (e.g., or some other portion of thedevice) goes from active connection state to a power save state, theneach time the device enters power save state and then exits power savestate network resources are consumed, sometimes for time periodsmeasured on the order of seconds or in extreme cases even minutes. Ifsuch a device has an aggressive power save algorithm that enters powersave state after a short idle period, then the device behavior canconsume a proportionally large amount of resources such that the networkability to support multiple devices is diminished, or such that thenetwork cannot support very many similar devices on the network. Anothersimilar example is the establishment of network sessions once the basestation connection is established (e.g., establishing a PPP sessionbetween the device and a home agent (HA) or other gateway), in whichnetwork resources required to open and/or close the network session areignorantly consumed if a device exhibits aggressive power save statecycling or frequently terminates the data session for other reasons.

Another example of device service activity behavior that can impactnetwork performance is applications that maintain persistent networkcommunication that generates a relatively high frequency of network datapackets. Some applications have persistent signaling that falls intothis category. Specific examples include frequent device signalingsequences to update widgets on a desktop; synchronize user data such ascalendars, contacts, email, and/or other information/content; check orupdate email or RSS feeds; access social networking websites or tools;online text, voice or video chat tools; update real-time information;and conduct other repetitive actions. Additional application behaviorthat can significantly tie up network resources and capacity include,for example, conference meeting services, video streaming, contentupdate, software update, and/or other or similar application behavior.For example, even when the user is not directly interacting with orbenefiting from this type of application, the application can be runningin the background and continuing to consume potentially significantnetwork resources.

For example, the types of service activities and/or device behavior thatcan reduce network capacity and/or network resource availability includesoftware updates for OS and applications, frequent OS and applicationbackground network accesses and signaling, frequent network discoveryand/or signaling (e.g., EtherType messages, ARP messages, and/or othermessaging related to network access), cloud synchronization services,RSS feeds and/or other background information feeds, application (e.g.,web browser) or device behavior reporting, background email downloads,content subscription service updates and downloads (e.g., music/videodownloads, news feeds, etc.), text/voice/video chat clients, virusupdates, peer to peer networking applications, inefficient networkaccess sequences during frequent power cycling or power save statecycling, large downloads or other high bandwidth accesses, and/or greedyapplication programs that continually and/or frequently access thenetwork with small transmissions or requests for information. Variousother examples will now be apparent to one of ordinary skill in the art.

Thus, not only can network capacity, network performance, and/or networkresource availability be degraded by high device transmission bandwidthdemand, but other types of persistent or frequent traffic resulting fromnetwork resource requests, network data accesses or other networkinteraction can also degrade network capacity, network performance,and/or network resource whether or not the aggregate bandwidth demand asmeasured by the total data throughput is high or not. Thus, techniquesare needed to preserve network capacity by, for example, differentiallycontrolling these types of network service usage activities in variousways depending on the type of service activity requesting network accessand/or requesting transactions with network resources.

Smart phone and similar devices are exacerbating the problem by makingfrequent queries of the wireless network as such devices move among cellsites to while in transit, for example, push email, access socialnetworking tools, and/or conduct other repetitive actions. While datatraffic is also growing, signaling traffic is outpacing actual mobiledata traffic by 30 percent to 50 percent by some estimates. For example,a Yahoo IM user may send a message but then wait a couple of secondsbetween messages. To preserve battery life, the smart phone typicallymoves into an idle mode. When the user pushes another message secondslater, the device has to set up a signaling path again, and even whenthe signaling resource is released by the smart phone, the networktypically does not react fast enough to allow for the next station touse resources until several seconds and sometimes minutes. As a result,the base station controller in this example is spending a lot of itsresources trying to process the signaling so it cannot perform othertasks, such as allocate additional resources for data network usage, andsuch inefficiencies exacerbates the data network capacity crunch anddropped calls on such wireless networks.

One approach used by smart phone vendors to address this problem andsave battery life on their devices is to implement a fast dormancyfeature, which allows the mobile device to quickly make a query to theradio network controller to release the connection so that it can returnto the idle state faster. In other words, the device is relaying thefact that the phone is going dormant saving device resources (e.g.,signaling channel) rather than network resources. However, the fastdormancy feature can exacerbate this problem by prematurely requesting anetwork release only to follow on with a request to connect back to thenetwork or by a request to re-establish a connection with the network.

Network carriers have typically attempted to manage network capacityusing various purely central/core network based approaches. For example,some carriers have indicated a robust capacity planning process andsufficient investment is needed to alleviate this growing capacitycrunch. Purely centralized network solutions with no assistance from adevice based software agent (or service processor) can have severallimitations. For example, for some device applications, OS functions orother service usage activities, if the activity is blocked somewhere inthe network behind the base station after over the air (OTA) spectrumbandwidth is consumed to open or begin to open a communication socket,then there can still be an appreciable amount of network capacity orresources consumed even though the data transfer is not allowed tocomplete. In addition, if the service usage activity is aggressive inre-attempting to establish the network connection to transfer the data,and the network continues to allow the OTA portion of the connectionestablishment but blocks the connection somewhere in the network, then alarge amount of capacity can be consumed by many devices exhibiting suchbehavior even though no useful service is being allowed. Accordingly,some embodiments for protecting network capacity include controllingnetwork service usage activities at the source of the demand—the device.Furthermore, in some embodiments, service usage is controlled in amanner that delays, prevents, or reduces the frequency of service usageactivity re-try attempts to connect to the network.

In some cases, an additional drawback of purely centralized networksolutions to protect network capacity arises when service usageactivities are controlled, blocked, throttled, and/or delayed by centralnetwork equipment with no mechanisms or support to link to a device userinterface (UI) to inform the user what is happening and why it ishappening. This can lead to a frustrating user experience and reducedcarrier customer satisfaction. Accordingly, in some embodiments, adevice based UI is provided to provide the user with real time or nearreal time information regarding why a service usage activity is beingcontrolled, blocked, throttled, and/or otherwise controlled in order toprotect network capacity. In some embodiments, a UI is provided thatalso informs the user when there are options to set, control, override,or modify service usage controls for the purpose of protecting networkcapacity. In some embodiments, such user preference inputs alsocorrespond to a change in service usage billing. In some embodiments,such changes in service usage billing due to capacity sparing servicecontrol changes by the user are communicated to the user via a UInotification sequence. In some embodiments, techniques for protectingnetwork capacity employ user warnings when a service usage activityclassified for differential user notification policies is likely tocause the user to go over service plan caps (e.g., total data byte countusage caps).

What is needed is intelligent network monitoring to provide real-timetraffic monitoring network service usage (e.g., at the packetlevel/layer, network stack application interface level/layer, and/orapplication level/layer) of the wireless network (e.g., radio accessnetworks and/or core networks) and to effectively manage the networkservice usage for protecting network capacity (e.g., while stillmaintaining an acceptable user experience). Using Device AssistedServices (DAS) techniques, and in some cases, network assisted/basedtechniques, to provide for network service usage monitoring of devices,network carriers/operators would be provided greater insight into whatdevices, which users and what applications, and when and where networkcongestion problems occur, enabling operators to intelligently addadditional resources to certain areas when necessary (e.g., offloadingdata traffic onto femto cells or WiFi hotspots and adding more networkresources), to differentially control network service usage, and/or todifferentially charge for network service usage based on, for example, anetwork busy state, for protecting network capacity.

Intelligent network monitoring of the wireless network to effectivelymanage network service usage for protecting network capacity can includeproviding Device Assisted Services (DAS) for protecting network capacityin accordance with various embodiments described herein. For example,intelligent network monitoring of the wireless network to effectivelymanage network service usage for protecting network capacity can includedifferentially controlling over the air software updates and/orperforming software updates via wired connections only. As anotherexample, intelligent network monitoring of the wireless network toeffectively manage network service usage for protecting network capacitycan include differentially controlling various applications that demandsignificant network resources or network capacity. As another example,intelligent network monitoring of the wireless network to effectivelymanage network service usage for protecting network capacity can includemanaging network access connection requests resulting from repeatedpower down modes in the modem, which can cause resource intensivere-connection and/or re-authentication processes. As another example,intelligent network monitoring of the wireless network to effectivelymanage network service usage for protecting network capacity can includetechniques for keeping PPP sessions alive to avoid the need to consumenetwork resources to re-establish PPP sessions (e.g., unless theapplication behavior analysis predicts that a mean access time is longenough for the PPP session to be dropped off and yet not causing overallnetwork resource limitations).

Unlike traditional QoS techniques, which are used to establish a singleend or end to end guaranteed service level(s) on a network, techniquesdisclosed herein for protecting network capacity facilitateimplementation of services on a network to facilitate differentialcontrol of certain services to protect network capacity (e.g., to reducenetwork congestion, network capacity demand, network resource demand;and/or to increase network availability). As also disclosed herein,techniques disclosed herein for protecting network capacity facilitateimplementation of services on a network to facilitate differentialcontrol of certain services to protect network capacity can alsofacilitate QoS implementations by maintaining needed levels of networkcapacity/availability to facilitate delivery of certain QoSlevels/classes. For example, techniques disclosed herein for protectingnetwork capacity can aggregate across multiple services and/or devicesto facilitate differential control of certain services to protectnetwork capacity. As another example, techniques disclosed herein forprotecting network capacity can be used to provide for dynamic QoSclassifications (e.g., dynamically assigning/classifying andreassigning/reclassifying (based on various criteria, events, and/ormeasures) network service usage activities to various QoSlevels/classes, such as described herein) to facilitate differentialcontrol of certain services to protect network capacity.

Accordingly, Device Assisted Services (DAS) for protecting networkcapacity is provided. In some embodiments, DAS for protecting networkcapacity provides for protection of network capacity (e.g., networkcongestion and/or network access/resource demand and/or networkavailability on an edge element of the network, such as on the RadioAccess Network (RAN) of a wireless network, and/or from a device to abase station/base station controller), such as by controlling networkservice activity usage activities of a device in wireless communicationwith the network to reduce demands on the network. For example,controlling network service usage activities can include classifyingand/or controlling network access requests (e.g., IP address requests),network access reservation requests (e.g., a QoS reservation/sequence),network capacity/resources usage (e.g., bandwidth usage), and/or anyother network service usage activities. In some embodiments,applications, OS functions, and/or other network service usageactivities that request IP addresses from network address serverresources are classified and/or controlled so that the IP addressrequests are withheld, delayed, time windowed, reduced in frequency,aggregated or otherwise controlled. In some embodiments, such “IPaddress request control policies” for one or more applications, OSfunctions, and/or other network service usage activities are set,updated, and/or modified before communicating it over a networkconnection to a network element (e.g., a service controller or anothernetwork element/function). In some embodiments, network service usageactivities are generated/requested by applications, operating system(OS) functions, and/or other software/functions executed on a device incommunication with the network. In some embodiments, it is desirable toapply a service usage control policy for the network service usageactivities to protect network capacity (e.g., reduce network capacitydemand). For example, some applications and/or OS functions have limitedcapabilities to defer certain traffic types based on fixed settings inthe application, and such applications and/or OS functions typicallycannot optimize network service usage activities based on a currentnetwork busy state (e.g., based on changing levels of network capacityand/or network performance available to the device). In someembodiments, the network busy state (e.g., or conversely the networkavailability state) is a characterization of the congestion (e.g., orconversely available capacity) of the network for one or more deviceconnections. For example, the network busy state can provide a measureof how busy or congested the network or a network segment (e.g., networkedge element) is for one or more device connections. As another example,network availability state can provide a measure of what networkconnection resources are available to one or more device connections.Thus, network busy state and network availability state can be viewed asconverse ways of providing similar information, and as described hereinwith respect to various embodiments, these terms can be usedinterchangeably.

In some embodiments, techniques are provided for assigning a priority toa network service usage activity and controlling traffic associated withthe network services usage activity based on the assigned priority. Insome embodiments, techniques are provided for a implementing adifferentiated and dynamic background services classification, forexample, as a function of network availability state and/or network busystate.

In some embodiments, a service usage control policy is used forassisting in network access control of network service usage activities(e.g., deferring some or all of the network capacity demand from thesesource activities). In some embodiments, some or all of the networkcapacity demand is satisfied at a point where the network resources orcapacity are more available or less busy. In some embodiments,techniques are provided for classifying network service activitiesassociated with one or more applications or OS functions to a backgroundservice class and differentially controlling the background serviceclass traffic. In some embodiments, techniques are provided forclassifying one or more network service activities associated with anapplication or OS function to a background service class, while othernetwork service activities associated with that application or OSfunction are classified to other service classes (e.g., or to differentbackground service class priority levels).

In some embodiments, techniques are provided for determining a networkbusy state (e.g., for a network edge element connection to a device,such as for a RAN for the device's current wireless network accessand/or to the current base station/base station controller in wirelesscommunication with the device). In some embodiments, techniques areprovided for implementing a service usage control policy todifferentially control network services traffic based on a network busystate for an activity, a group of activities, or for a service class.

In some embodiments, DAS for protecting network capacity includesmonitoring a network service usage activity of the communications devicein network communication; classifying the network service usage activityfor differential network access control for protecting network capacity;and associating the network service usage activity with a networkservice usage control policy based on a classification of the networkservice usage activity to facilitate differential network access controlfor protecting network capacity.

In some embodiments, a network service usage activity is any activity bythe device that includes wireless network communication. In someembodiments, an application, an operating system (OS), and/or otherdevice function generates a network service usage activity. In someembodiments, an application, an operating system (OS), and/or otherdevice function generates one or more network service usage activities.Examples of a network service usage activity include the following: avoice connection (e.g., coded voice connection or voice over IP (VOIP)connection), a device application or widget connection, a device OSfunction connection, an email text connection, an email downloadconnection, a file download connection, a streaming media connection, alocation service connection, a map services connection, a softwareupdate (e.g., application, operating system, and/or antimalware softwareupdate) or firmware update connection, a device backup connection, anRSS feed connection, a website connection, a connection to a server, aweb browser connection, an Internet connection for a device basedservice activity, establishing a sync service account, a user datasynchronization service, a device data synchronization service, anetwork connection flow or stream, a socket connection, a TCPconnection, a destination/port assigned connection, an IP connection, aUDP connection, an HTTP or HTTPS connection, a TLS connection, an SSLconnection, a VPN connection, a general network services connection(e.g., establishing a PPP session, authenticating to the network,obtaining an IP address, DNS service), and various other types ofconnections via wireless network communication as will be apparent toone of ordinary skill in the art.

In some embodiments, a network service usage activity is classified,associated with, and/or assigned to a background class (e.g., abackground service or QoS class) to facilitate differential networkservice usage control to protect network capacity. In some embodiments,differential network service usage control includes one or more of thefollowing: monitoring network service usage activity; accounting fornetwork service usage activity; reporting network service usageactivity; generating a user notification for a network service usageactivity; requesting a user preference for control of network serviceusage activity; accepting a user preference for network service usageactivity; implementation of a network service usage activity policy(e.g., block/allow; traffic control techniques, such as throttle, delay,priority queue, time window, suspend, quarantine, kill, remove, andother well known traffic control techniques); implementing UI interceptprocedures; generating a network busy state notification; generating abackground class notification; generating a user notification fordifferential network service usage control of a network service usageactivity; and various other techniques as described herein.

In some embodiments, a network availability state includes a state ormeasure of availability/capacity of a segment of a network (e.g., a lastedge element of a wireless network). In some embodiments, a network busystate includes a state or measure of the network usage level or networkcongestion of a segment of a network (e.g., a last edge element of awireless network). In some embodiments, network availability state andnetwork busy state are inverse measures. As used herein with respect tocertain embodiments, network availability state and network busy statecan be used interchangeably based on, for example, a design choice(e.g., designing to assign background policies based on a network busystate or a network availability state yields similar results, but theyare different ways to characterize the network performance and/orcapacity and/or congestion). In some embodiments, network availabilitystate and network busy state are dynamic measures as such states changebased on network usage activities (e.g., based on a time of day,availability/capacity level, congestion level, and/or performancelevel). In some embodiments, differential network service usage controlof a network service usage activity is based on a network busy state ornetwork availability state.

In some embodiments, certain network service usage activities areclassified as background services. In some embodiments, lower priorityand/or less critical (and/or based on various other criteria/measures)network service usage activities are classified as background servicesbased on a network busy state and differentially controlled based on anetwork busy state to protect network capacity. In some embodiments,differential network service usage control policies are based on a timeof day, a network busy state, background services and/or QoS classchanges based on a time of day and/or a network busy state, a randomback-off for access for certain network service usage activities, adeterministic schedule for certain network service usage activities, atime windowing in which network service usage control policies for oneor more service activities or background/QoS classes changes based ontime of day, network busy state, a service plan, and various othercriteria, measures, and/or techniques as described herein.

In some embodiments, a network capacity controlled service or networkcapacity controlled services class includes one or more network services(e.g., background download services and/or various other types orcategories of services as described herein) selected for differentialnetwork service usage control for protecting network capacity. In someembodiments, a network capacity controlled services classificationincludes one or more network services associated with a network capacitycontrolled service/class priority setting for differential networkservice usage control for protecting network capacity. In someembodiments, a network capacity controlled service or network capacitycontrolled services class includes one or more network servicesassociated with a QoS class for differential network service usagecontrol for protecting network capacity. In some embodiments, a networkcapacity controlled service or network capacity controlled servicesclass includes one or more network services associated with a dynamicQoS class for differential network service usage control for protectingnetwork capacity.

For example, differentially controlling network service usage activitiesbased on network capacity controlled services or dynamic QoS or QoSclassifications can protect network capacity by, for example, improvingnetwork performance, increasing network availability, reducing networkresources demand, and/or reducing network capacity demand (e.g., basedon an individual device, aggregate devices connected to an edge element,and/or aggregate devices connected to many edge elements). In someembodiments, differentially controlling network service usage activitiesbased on network capacity controlled services or dynamic QoS or QoSclassifications can protect network capacity while maintaining properdevice operation. In some embodiments, differentially controllingnetwork service usage activities based on network capacity controlledservices or dynamic QoS or QoS classifications can protect networkcapacity while maintaining an acceptable user experience (e.g., properand/or expected device operation, proper and/orsoftware/application/OS/function operation, avoiding (whenever possible)significant adverse impact on device functions, and/or usernotifications to keep the user informed of various differential controlimplemented on the device).

In some embodiments, dynamic QoS classifications include QoSclassifications that can be dynamically modified (e.g., reclassified,reprioritized, upgraded, and/or downgraded) based on various criteria,measures, settings, and/or user input as described herein (e.g., basedon a time of day and/or day of week, based on a network busy state,based on a user preference, and/or based on a service plan). In someembodiments, the various techniques described herein related to DAS forproviding network capacity and/or QoS for DAS are applied to dynamic QoSrelated techniques.

As wireless networks, such as mobile networks, evolve towards higherbandwidth services, which can include or require, for example, variouslevels of Quality of Service (QoS) (e.g., conversational, interactivedata, streaming data, and/or various (end-to-end) real-time servicesthat may benefit from QoS), demands will increase for converged networkservices to facilitate such services for end-to-end services betweennetworks (e.g., to allow for control and/or support for such services,for example, QoS support, across network boundaries, such as betweenwireless networks (such as various service provider networks) and IPnetworks (such as the Internet), and/or other networks). While variousefforts have attempted to address such QoS needs, such as policymanagement frameworks for facilitating QoS end-to end solutions, thereexists a need to facilitate various QoS requirements using DeviceAssisted Services (DAS).

Accordingly, Quality of Service (QoS) for Device Assisted Services (DAS)is provided. In some embodiments, QoS for DAS is provided.

To establish a QoS channel, differentiated services are typicallyavailable, in which one class/level of service has a higher prioritythan another to provide for differentiated services on a network, suchas a wireless network. For example, in a wireless network, variousnetwork elements/functions can be provisioned and controlled toestablish a single end or end to end QoS channel. In some embodiments, acentralized QoS policy coordination and decision function using DAStechniques to assist in coordinating the QoS channel setup and controlamong the various elements of a wireless network is provided.

In some embodiments, QoS channel refers to the logical communicationchannel connected to a device that provides a desired level of QoSservice level. For example, the QoS channel can be created with one ormore QoS links, in which each link represents a QoS enabled connectionthat spans a portion of the total end to end network communication pathfrom a near end device to a far end device. For example, the far enddevice can be on the same network or on a different network, potentiallywith different access technology and/or a different access networkcarrier. In some embodiments, the QoS channel includes one or more QoSlinks in which each link in the channel is QoS enabled, or one or moreof the links in the channel is QoS enabled and others are not. As anexample, a QoS channel can include the following links: a first devicetraffic path link, a first device to access network equipment elementlink (e.g., 2G/3G/4G wireless base station, WiFi access point, cablenetwork head end, DSLAM, fiber aggregation node, satellite aggregationnode, or other network access point/node), a first carrier core network,a long haul IPX network, a second carrier core network, a second deviceto access network equipment element link, and a second device trafficpath link as similarly described herein with respect to variousembodiments.

In some embodiments, each of the links described above have the abilityto provide QoS services for that segment of an overall QoS channel. Insome embodiments, the device traffic path link and/or the device toaccess network equipment element link are QoS enabled, but the carriercore network and/or IPX network links are not QoS enabled. In someembodiments, the core network and/or IPX network have sufficientover-provisioning of bandwidth that QoS is not limited by these networkelements and, for example, can be limited by the device traffic linkand/or the device to access network equipment element link do not havesufficient excess bandwidth making it desirable to QoS enable these QoSchannel links. A common example is a 2G/3G/4G wireless network in whicha device traffic path link and the device to access network element link(e.g., Radio Access Bearer (RAB)) are QoS enabled while the carrier corenetwork and IPX network links are not (e.g., are provided at a besteffort service level or other service levels).

In some embodiments, a QoS session refers to the QoS enabled traffic fora given device that flows over a QoS channel or QoS link. This QoStraffic supports a QoS service activity. In some embodiments, a QoSservice activity includes a device service usage that is requested,configured, or preferably serviced with a given level of QoS. In someembodiments, a device QoS activity is a combination of one or more ofthe following: application, destination, source, socket (e.g., IPaddress, protocol, and/or port), socket address (e.g., port number), URLor other similar service identifier, service provider, network type,traffic type, content type, network protocol, session type, QoSidentifier, time of day, network capacity (e.g., network busy state),user service plan authorization or standing, roaming/home networkstatus, and/or other criteria/measures as similarly described herein.For example, QoS service activities that are supported by QoS sessionscan include VOIP traffic, streaming video traffic, differentiated accessbandwidth during busy network periods, real-time interactive traffic,such as network connected multimedia meetings (e.g., sharedpresentations, picture, video, voice, and/or other suchapplications/services), best effort interactive, such as Internetbrowsing, time sensitive services, such as email message body delivery,near real-time interactive services, such as SMS or push to talk,background download services, such as email downloads and other filetransfers (e.g., FTP), and/or truly background download services, suchas software updates (e.g., OS or application software updates and/orantimalware updates including content/signature updates).

In some embodiments, various QoS levels or classes are supported. Forexample a conversation class can provide for real-time traffic, which istypically very delay sensitive but can tolerate bit errors and packetlosses. The conversational class is typically used for Voice Over IP(VOIP) and video telephony, in which users of such services benefit fromthe short delay features of the conversational class. A streaming classis similar to the conversational class except that the streaming classtypically can tolerate more delay than the conversational class. Thestreaming class is generally used for when one end of the connection isa user (e.g., human user) and the other end is a machine/computer (e.g.,for streaming content applications, such as streaming of video, such asmovies or other video content). An interactive class is generallyintended for traffic that allows delay variation while requiringreasonably low response time (e.g., web browsing or other applicationsin which the channel can be unused for long periods of time but when auser makes a request for a new page/data, the response time should bereasonably low). A background class is generally used for lowestpriority service usages (e.g., typically used for e-mail with andwithout downloads/attachments, application software updates, OS softwareupdates, and/or other similar applications/functions). In someembodiments, various QoS classes or services are applicable to theconversational class. In some embodiments, various QoS classes orservices are also applicable to the streaming class. In someembodiments, various QoS classes or services are also applicable to theinteractive class but typically not applicable to the background class.As will now be apparent to one of ordinary skill in the art, variousother classes can be provided with lower or higher granularity based onservice usage/channel requirements and/or network architectures.

In some embodiments, a QoS link or a QoS channel supports one QoSsession. In some embodiments, a QoS link or a QoS channel supportsmultiple QoS sessions. In some embodiments, QoS link provisioning isprovided to setup the QoS traffic level for a given QoS session or groupof QoS sessions.

In some embodiments, a QoS channel is a single ended QoS channel or anend to end QoS channel. For example, if a QoS channel is end to end,then the QoS channel provisioning is accomplished in a coordinatedmanner for each QoS enabled link in the QoS channel. If a QoS channel issingle ended, then the network elements and/or device participate inprovisioning as much of one end of the QoS channel as possible, leavingprovisioning of the QoS for the other end of the channel as theresponsibility of the device and/or network elements that handle thetraffic at the other end of the QoS channel. In some embodiments, asingle ended QoS channel includes another single ended QoS channel atthe other end. In some embodiments, only one end has single ended QoSchannel enablement while the other end of the channel is a best effortservice level, which, for example, can be used where one end of the QoSchannel has tighter constraints on traffic capacity or quality than theother end (e.g., a VOIP call with one end that is QoS enabled on a 3Gwireless network that has relatively tight bandwidth compared to alightly loaded cable modem network device on the other end which may notneed to be QoS enabled in order to achieve adequate voice quality).

In some embodiments, a QoS request (e.g., a QoS channel request or QoSservice request) is a request for a QoS provisioning event to enable aQoS channel for one or more QoS service activities. In some embodiments,QoS availability assessment includes determining whether one or more ofthe links in a possible QoS channel are available (e.g., based onnetwork capacity and transmission quality) to provision the necessarylevel of QoS for a requested QoS channel. In some embodiments, a QoSrequest is initiated by a device, a user, an application, and/or anetwork element/function as similarly described herein.

In some embodiments, a service plan refers to the collection of accessservice capabilities, QoS capabilities, and/or network capacitycontrolled services that are associated with a communications device. Insome embodiments, the access service capabilities, QoS capabilities,and/or network capacity controlled services are determined by thecollection of access service control policies for the device. In someembodiments, these service control policies are implemented in thenetwork equipment. In some embodiments, these access service controlpolicies are implemented both in the device and in the networkequipment. In some embodiments, these access service control policiesare implemented in the device. In some embodiments, there are differentlevels of service control capabilities (e.g., policies) based ondifferent levels of service plan payments or device standing or userstanding. In some embodiments, there are different levels of servicecontrol policies based on network type, time of day, network busystatus, and/or other criteria/measures as similarly described hereinwith respect to various embodiments. In some embodiments, the accesscontrol and QoS control policies are based on the type of serviceactivity being sought. In some embodiments, the QoS level and accesslevel available for a given service activity for a given device or useris determined by the policies associated with the service plan. In someembodiments, a QoS authorization assessment is performed to determinewhether a device or user has sufficient service plan standing to allowthe requested level of QoS.

In some embodiments, before a QoS channel or link is provisioned (orbefore a QoS request is responded to or filled), a QoS availabilityassessment is performed to determine whether sufficient communicationchannel resources are available to provision the necessary level of QoSfor the QoS channel or link. In some embodiments, this QoS availabilityassessment is determined by assessing the available QoS capacity for oneor more necessary QoS links in the channel. For example, the availableQoS link capacity can be assessed for one or more of a device trafficpath, a device to access network equipment element link, a core networklink, and/or an IPX network link. If the QoS assessment shows that thenecessary channel capacity and quality is available for the desired QoSlevel for one or more desired QoS service activities, then a QoS channelrequest or QoS service request can be granted. In some embodiments, aQoS link or QoS channel reservation process is provided to reserve QoScapacity and quality in advance of link or channel provisioning toensure that the available QoS resources are not assigned between thetime of QoS availability assessment and QoS channel provisioning.

In some embodiments, the QoS availability assessment is performed afterQoS authorization assessment. This prevents the unnecessary exercisingof network elements when the device or user does not have sufficientservice plan standing to receive the desired level of QoS even if it isavailable. This can be an important screening function performed on thedevice in the service processor, or by a centralized network functionsuch as the service controller (e.g., or interchangeably, the homeagent; Home Location Register (HLR); Authentication, Authorization, andAccounting (AAA) server/gateway/function; base station; one of thegateways, policy and charging rules function (PCRF), or other networkelement/function). In some embodiments, QoS availability is assessedwithout conducting a QoS authorization assessment or before receivingthe response to a QoS authorization assessment.

In some embodiments, a QoS channel is provisioned to create the QoSchannel to support a QoS session (e.g., a QoS service activity). In someembodiments, QoS channel provision includes assigning, routing, and/orotherwise causing the QoS session traffic to flow over one or more QoSlinks in the assigned QoS channel.

In some embodiments, device assisted service traffic control and QoSapply readily and directly to the problems of managing a QoS device linkfor QoS channel provisioning. Accordingly, in some embodiments, aservice provider is provided to assist in provisioning the deviceportion of the QoS channel. In some embodiments, the service processorprovisions the device link portion of the QoS channel by placing ahigher priority on higher QoS level traffic. In some embodiments, thisQoS priority is implemented in a number of ways, including routing thehigher priority QoS traffic into first priority in the downstream and/orupstream traffic queues. Upstream traffic queuing is performed directlyin some embodiments by transmitting guaranteed bit rate traffic first athigher available throttling rates, differentiated QoS traffic secondwith a controlled throttling rate, best effort traffic third withpossibly lower controlled throttled rates, and/or background trafficfourth when/if bandwidth not needed by the higher levels of QoS trafficand at lower controlled throttling rates. For example, downstreamtraffic can be handled by queuing traffic and delaying or preventing TCPacknowledgements to be returned for the lower levels of QoS priority,while immediately passing the traffic and TCP acknowledgements forhigher levels of QoS priority. The device link portion of the QoSchannel is thus provisioned by assigning policies for the queuingpriority, delay, throttle rate, and TCP acknowledgement return rate fordevice traffic in accordance with the bandwidth that is available at anypoint in time for the device. In some embodiments, various deviceservice processor traffic control capabilities regulate or partiallyregulate QoS in accordance with a set of network policy instructions,including, in some embodiments, a service plan policy set.

In some embodiments the device service processor establishes multipleQoS channels through the device traffic path with each QoS channelhaving traffic control policies as described herein, with each QoSchannel policy set creating a different class of QoS. In someembodiments, employing this multiple QoS channel approach, QoS for agiven service activity is provided by routing the traffic for that QoSactivity to the appropriate QoS channel with the appropriate QoS policysettings. The routing to the appropriate QoS channel can be providedusing various techniques. For example, the routing can be provided byapplying a common service traffic control policy set to trafficassociated with all QoS service activities that require or request theQoS provided by the common service traffic control policy set. Theapplication of the service traffic control policy set can beaccomplished in a number of ways utilizing the embodiments described forthe policy implementation agent and the policy control agent describedherein. In such embodiments, the problem of assigning a QoS channel to anumber of QoS service activities is reduced to applying a pre-determinedset of service traffic control policies to each of the QoS serviceactivities, with each pre-determined set of service traffic controlpolicies representing a different QoS class. The device can then managethe overall QoS for all traffic based on the available traffic capacityand quality, the total aggregate traffic demand for each QoS trafficclass and the policy rules that determine how each traffic class isprovided with differential bit rate and traffic quality as compared tothe other traffic classes for a given level of available trafficcapacity and quality.

Based on the aggregate demand for each traffic QoS class, and thetraffic capacity and quality level available to the device, the serviceprocessor can adjust the total available bit rate or percentage ofavailable traffic capacity for each QoS class. For example, in someembodiments, the aggregate demand for the real-time interactive trafficcontrol class (e.g. services, such as VOIP, emergency communicationservices or high performance real-time competitive gaming) can bedetermined, and the QoS routing function on the device (e.g., a QoSrouter agent/function) can first allocate enough constant bit ratetraffic capacity from the available traffic capacity to satisfy theseservices, with each QoS service activity that requires this QoS classbeing assigned to this QoS channel. As more QoS service activitiesrequire this traffic class, the capacity allocated to the QoS channelout of the available device capacity is increased, and when fewer QoSservice activities require this traffic class the capacity for this QoSchannel is released. In the event that the device does not have any moreavailable capacity with a guaranteed bit rate QoS level, then additionalQoS service activities that desire, require or request this QoS levelwill not be provided this QoS level, and instead will either be providedwith a lower QoS level or will not be allowed to connect to the accessnetwork. In some embodiments, there can be a hierarchy among thepossible QoS service activities so that if there is no more capacityavailable at a given service QoS level, then the available capacity forthat QoS class is provided to the service activities requiring that QoSfrom highest priority to lowest, until the available QoS class capacityis consumed, and then one or more QoS service activities that are toolow on the priority list to obtain service with that QoS class areeither bumped to a lower QoS class or are denied access. In someembodiments, once the required capacity to satisfy the real-timeconstant rate traffic needs is satisfied, the remaining capacityavailable to the device is then divided among the other QoS channelclasses in accordance with a priority policy, with the priority policybeing based on the relative priority of each service class, the relativepriority of each QoS service activity, or a combination of the relativepriority of each QoS service class and each QoS service activity. Forexample, these relative priority policies can vary from device to devicebased on service plan selection, device type, user standing, user group,device location, device network connection, type of network, time ofday, network busy state, and/or other criteria/measures.

In some embodiments, a QoS link is established between the device and anaccess network equipment element. For example, such equipment elementembodiments can include a 2G/3G/4G wireless base station, a wirelessaccess point, a cable network head end, a DSL network DSLAM, a fibernetwork device traffic aggregator, a satellite network device trafficaggregator, a frame relay aggregation node, an ATM aggregation node,and/or other network equipment. In some embodiments, a logicalcommunication channel is created between the device and the networkequipment element, with the logical communication channel supporting agiven level of QoS or QoS class traffic policy set. For example, thelogical channel can include a RAB formed between a 2G/3G/4G base stationand a wireless end point device. The RAB can be formed by controllingthe media access control (MAC) parameters of the base station radiochannel so that a given level of QoS class policies can be implemented.For example, the RAB can support constant bit rate, low latencycommunication traffic for guaranteed bit rate real-time traffic, or adifferentiated high priority access channel for streaming traffic, or abest effort random access channel for best effort traffic, or anavailable unused capacity traffic for background traffic. The QoSchannel link created in this manner can be dedicated to a single device,or shared with a subset of devices, or available to all devices. The QoSchannel link created in this manner can be used by the device to supporta single QoS activity as described herein, or a group of QoS activitiesas described herein. It will now be apparent to one of ordinary skill inthe art that similar settings for cable head end and cable modem MAC canyield similar QoS classes for QoS links for the cable modem case andthat similar techniques can be applied for a wireless access point or asatellite system MAC to achieve similar QoS classes for QoS links. Itwill also now be apparent to one of ordinary skill in the art that bycreating multiple logical channels in the device link, and/or adjustingthe available access network capacity and quality for each logicaldevice communication channel in the DSLAM or fiber aggregator, similarQoS class QoS links can be established for the DSL and fiberdistribution network cases.

In some embodiments the device service processor serves to route QoSservice activities to the appropriate logical communication channelestablished for the desired QoS class supported by a QoS link betweenthe device and the access network equipment element. In someembodiments, the device service processor elements (e.g., the policyimplementation agent and/or the policy control agent) can be used insome embodiments to assign the same QoS traffic control policies to oneor more QoS service activities that require the same QoS level. In asimilar manner, in some embodiments, the device service processorelements can be used to assign or route service activity traffic for agiven QoS class to the correct logical communication channel between thedevice and the access network element (e.g., a 2G/3G/4G base station)that supports the traffic control policies for the desired QoS class.For example, a QoS service link that supports guaranteed bit rate andlatency can be established with one or more RABs from a base station tothe device, and a second QoS service link can be established thatsupports differentiated preferred access for streaming content using oneor more differentiated access RABs, and a third best effort RAB can beused to support best effort traffic. Each of the required RABs is firstrequested and then provisioned as described herein based on theaggregate required capacity and quality for one or more QoS serviceactivities that require or desire the specific QoS service classassociated with the RAB logical channel policy parameters. Once the setof logical QoS channels is thus established, the service processor(e.g., QoS router agent/function) routes the traffic associated witheach QoS service activity to the appropriate RAB. In some embodiments,the service processor can detect increases or decreases in aggregate QoSclass demand for each QoS class as QoS activities are initiated orterminated for that QoS class, and the service processor can communicatethe required increases or decreases in the RAB assignments required tosupport that logical QoS channel.

In some embodiments, the access QoS link is established by directcommunication from the device in which the device requests the QoSchannel or link from the access network equipment element, or the devicerequests the QoS channel or link from an intermediate networking device,such as a service controller (e.g., or a readily substituted device withsimilar features, such as a home agent, an HLR, a mobile switchingcenter, a base station, an access gateway, a AAA system, PCRF, or abilling system). In some embodiments, the device service processor basesthe QoS channel or link request on an association the device performs tomatch a QoS service activity with a desired or required QoS class or QoStraffic control policy set. For example, this association of QoS classor QoS traffic control policy set with QoS service activity can bedetermined by a predefined policy mapping that is stored on the deviceand used by the service processor. In some embodiments, this policymapping store is populated and/or updated by a service controller (e.g.,or similar function as described herein). In some embodiments, themapping is determined by a service controller (e.g., or similar functionas described herein) based on a report from the device of the QoSservice activity that needs the QoS channel or link.

In some embodiments, the required or desired QoS level for one or moreQoS service activities is determined by a set of QoS service trafficcontrol policies that are pre-assigned to various QoS serviceactivities. For example, a given application can be pre-assigned a QoSclass. As another example, a web service destination such as a VOIPservice site can be assigned a QoS class. As another example, a givenapplication can have one QoS assignment level for general Internettraffic but have a QoS assignment for real-time gaming traffic. Asanother example, a real-time broadcasting website can have a best effortQoS level assigned to programming information and general browsing andhave a differentiated streaming QoS level for broadcast traffic content.In some embodiments, detection of QoS need or QoS assignment request fora given activity can be assigned by a device service processor accordingto a pre-defined QoS policy rules table (e.g., QoS activity table), orcan be determined by a service controller based on information reportedby the device, or can be requested by an application through a QoSapplication interface (e.g., QoS API), or can be determined by thenature of incoming traffic.

In embodiments, in which both end points in the QoS channel participatein establishing an end to end QoS channel, the required QoS level isdetermined and/or communicated by the originating end point. In someembodiments, the required QoS level is determined and/or communicated bythe receiving end point. In some embodiments the QoS level is determinedand/or communicated by the originating end point service controller(e.g., or the access network element (such as a base station), the HLR,home agent, mobile switching center, AAA, gateway, or other networkelement/function). In some embodiments, the QoS level is determinedand/or communicated by the receiving end point service controller (e.g.,or alternatively the access network element (such as a base station),the HLR, home agent, mobile switching center, AAA, gateway, or othernetwork element/function). In some embodiments, the receiving end pointservice controller (e.g., or the access network element (such as a basestation), the HLR, home agent, mobile switching center, AAA, gateway orother network function) and the originating end point service controller(e.g., or other similar function) communicate with one another tocoordinate establishment of the QoS channel between the end points.

In some embodiments, the near end or originating end device serviceprocessor contacts the far end or terminating device service processorto initiate a QoS channel. In some embodiments, the initiation of theQoS channel from the near end or originating device is performedautomatically by the far end device when its service processor detectsthat a given level of QoS is needed for the communication between thetwo devices. In some embodiments, the near end or originating deviceservice processor detects the need for a QoS channel to the far end orterminating device and contacts a central network resources, such as theservice controller (e.g., or other equipment element with similarfunction for this purpose), and the service controller provisions thefar end of the QoS channel, either by communicating directly with thefar end device or by communicating with the far end device's servicecontroller (e.g., or other equipment element with similar function forthis purpose). In some embodiments, in which the far end device servicecontroller is contacted to assist in provisioning the QoS channel, thereis a look up function to determine the address of the far end servicecontroller based on a look up index formed from some aspect of the farend device credentials (e.g., phone number, SIM ID, MEID, IMSI, IPaddress, user name, and/or other device credentials).

In some embodiments, the mapping of QoS service activity to the desiredlevel of QoS class or QoS traffic control policies is determined byproviding a QoS API in the device service processor that applicationsuse to request a QoS class or QoS channel connection. In someembodiments, an API is provided so that application developers cancreate application software that uses the standard interface commands torequest and set up QoS channels. In some embodiments, the API does oneor more of the following: accepts QoS requests from an application,formats the QoS channel request into a protocol appropriate fortransmission to network equipment responsible for assessing QoS channelavailability (e.g., including possibly the device traffic controlsystem), coordinates with other network elements (e.g., includingpossibly the device traffic control system) to reserve a QoS channel,coordinates with other network elements (e.g., including possibly thedevice traffic control system) to provision a QoS channel, informs theapplication that the desired QoS channel can be created or not, and/orcoordinates with other network elements (e.g., including possibly thedevice traffic control system) to connect the application with thedesired QoS channel class. In some embodiments, the QoS API accepts theapplication QoS request and communicates and possibly coordinates withone or more QoS network equipment elements, such as a base station,cable head end or access point. In some embodiments, the QoS API acceptsthe QoS request from the application and communicate and possiblycoordinates with an intermediate network element, such as a serviceprocessor (e.g., or other similar function as described herein). In someembodiments the QoS API assesses the QoS service plan standing for thedevice or user before sending QoS channel requests to other networkelements, and only initiates the QoS request sequence if requiredservice plan authorization is in place. In this manner, the potentiallycomplex process of establishing a QoS channel with all the specificequipment communication protocols that typically need to be supported toassess QoS channel availability and provision the QoS channel aresimplified into a limited set of API commands that are easy for anapplication development community to learn about and use for QoSdifferentiated services and applications.

In some embodiments, local traffic control on the device serviceprocessor is combined with traffic control in the link between thedevice and the access network equipment element. In this manner, boththe device traffic control path QoS link and the device to accessnetwork element QoS link can be coordinated for best device QoSperformance results given the available capacity and quality of theaccess network traffic for the device. In some embodiments, the policiesfor how the device manages local traffic control, establishes accessnetwork element logical channels (e.g., RABs) and routes traffic to andfrom the access network element logical channels is all determined bypredefined policy rules loaded onto the device by the service controller(or other equivalent network element). In some embodiments, thesepolicies are determined in the service controller itself.

In some embodiments, a QoS user interface (e.g., QoS UI) is presented tothe device user. In some embodiments, the QoS UI notifies the user whatlevel of QoS services the device is authorized to receive based on theservice plan selection. In some embodiments, the QoS UI notifies theuser what level of QoS services are available on the present network thedevice is connected to at the present time. In some embodiments, the QoSUI notifies the user when a level of QoS service that is higher thanthat authorized by the user service plan is required or desirable for agiven service activity that the device has initiated. In someembodiments, the QoS UI provides the user with a set of one or moreupgrade options to upgrade the service plan to include a higher level ofQoS for one or more service activities. In some embodiments, the QoS UIprovides the user with an opportunity to specify what level of QoS theuser would like to employ for one or more service usage activities. Insome embodiments, the QoS UI allows the user to specify a service plansetting that provides differentiated QoS during times when the networkis busy. In some embodiments, the QoS UI allows the user to purchase oneor more grades of service QoS with either a post-pay for a pre-definedservice period and one or more pre-defined service usage limits by QoSclass, a pre-pay for one or more pre-defined service usage limits by QoSclass, or another payment system for differentiated QoS services. Insome embodiments, the QoS UI provides the user with an opportunity toQoS enable or pay for QoS services for a connection that is initiated byan incoming connection to the device.

In some embodiments, QoS for DAS techniques include verifying that thedevice is properly implementing the QoS traffic control policies, forexample, in accordance with a service plan. This ensures that errors,hacking, user device software settings manipulations, or other malwareevents do not result in inappropriate levels of QoS for a given deviceor group of devices. Accordingly, in some embodiments, the trafficcontrol and QoS verification techniques described herein are employed toverify that the proper level of QoS is applied for a given service usageactivity in accordance with a QoS priority policy. For example,verification of QoS channel request policy rules behavior can beimplemented in a variety of ways including, as an example, monitoringdevice QoS channel requests and comparing the level of QoS requestedwith the level of QoS the device is authorized to receive in the serviceplan in effect for the device. Verification of proper QoS channel usagebehavior by a device can be implemented in a variety of ways including,for example, monitoring network based reports of QoS service usage andcomparing the network based reports against the service policy rulesthat should be in effect given the device service plan. Verification ofproper device traffic control to implement a QoS service policy that isin effect can be accomplished in a variety of ways by verifying that theappropriate traffic control policy rules are being properly implementedas described herein. In some embodiments, DAS for protecting networkcapacity techniques include various verification techniques (e.g.,verifying monitoring, traffic controlling, reporting, and/or otherfunctions implemented or performed by the device), as described herein.

In some embodiments, the QoS router prioritizes traffic on the device.In some embodiments, the QoS router connects the QoS enabled session tothe RAB that has the proper QoS level. In some embodiments, one sessionis routed to the RAB. In some embodiments, more than one session can berouted to an RAB. In some embodiments, multiple RABs providing multipleQoS levels are created to the device, and the QoS router routes eachservice activity to the RAB dictated by the QoS policy rules in effecton the device.

In some embodiments, the network collects service usage charges fordifferent QoS classes. In some embodiments, there is differentiatedservice charging for the different classes of QoS service usage. As anexample, since guaranteed bit rate traffic consumes network resourceswhether the traffic capacity is used or not, there can be a time elementinvolved in the charging calculations. As a more detailed example,guaranteed bit rate services can be charged by the total bandwidthprovisioned to the device at a given time multiplied by the amount oftime that that bandwidth is made available. In some embodiments,differentiated access traffic that has higher QoS than best efforttraffic but is not guaranteed bit rate can be charged at a higher ratethan best effort traffic but lower than guaranteed bit rate. In someembodiments, such traffic can be charged based on the time the QoSchannel is made available and the total amount of data transmitted overthe channel, or can only be based on the total amount of datatransmitted over the channel. Best effort traffic is charged in someembodiments based only on the total amount of data used, with the datacharges being less than differentiated streaming access services.Background data services in some embodiments are charged at the lowestrate, possibly with only certain times of the day or periods of lownetwork traffic demand being available for such services, and with theservice being based on total data transmitted. In some embodiments, allQoS service levels can be charged based on a fixed price for a fixedcharging period, possibly with a service usage cap with additionalcharges if the service cap is exceeded. In such fixed price scenarioembodiments, the price charged is again higher for higher levels of QoS.In some embodiments, the network collects service usage charges fordifferent network capacity controlled service classes. In someembodiments, there is differentiated service charging for the differentclasses of network capacity controlled service usage, as describedherein.

In some embodiments, the network equipment (e.g., access networkelement, gateways, AAA, service usage storage systems, home agent, HLR,mobile data center, and/or billing systems) record and report serviceusage for one or more of the QoS service classes used by the device. Insome embodiments, the device service processor records and reportsservice usage for one or more of the QoS service classes used by thedevice and reports the QoS service class usage to the service controller(e.g., or another substitute network element). In some embodiments, inwhich the device is recording reporting usage for one or more QoSservice classes, it is important to verify the device service usagereports to ensure that the device usage reports are not distorted,tampered with, and/or otherwise in error. In some embodiments, verifyingservice usage reports against service usage that should be occurringgiven the service control policies in place on the device, serviceprocessor agent functional operation verification, test service usageevents, agent query response sequences, device service processorsoftware protection techniques, device service processor softwareenvironment checks, and several other techniques are provides asdescribed herein. For example, using one or more of these verificationtechniques can provide a verifiable device assisted QoS service usagecharging system. As another example, using one or more of theseverification techniques can provide a verifiable network capacitycontrolled service usage charging system. In some embodiments, thenetwork equipment (e.g., access network element, gateways, AAA, serviceusage storage systems, home agent, HLR, mobile data center, and/orbilling systems) record and report service usage for one or more of thenetwork capacity controlled service classes used by the device, asdescribed herein.

In some embodiments, device assisted traffic control is provided formanaging network congestion as follows. For example, when a given basestation or group of base stations experience traffic demand that is highrelative to the available capacity and/or service quality that can beprovided, and such a condition is determined (e.g., detected orreported) based on a network busy state assessment as described belowand further herein, then a service controller (e.g., or another networkfunction) can issue, send, and/or implement traffic control throttlingpolicies to/for the devices in accordance with a measure of the excesstraffic demand the one or more base stations is experiencing. Forexample, the device service processors connected to an overly busy basestation can be instructed to reduce the traffic control priority for oneor more classes of QoS traffic, reducing the queuing priority,throttling rate, delay and/or access allowance for some or all of one ormore classes of traffic. As another example, the device serviceprocessors connected to an overly busy base station can be instructed toreduce the traffic control priority for one or more classes of networkcapacity controlled services traffic, reducing the queuing priority,throttling rate, delay and/or access allowance for some or all of one ormore classes of such traffic. As another example, one or more classes ofnetwork capacity controlled services traffic, such as backgrounddownload processes, which can include, for example, software updates canbe turned off completely or throttled back significantly. As anotherexample, best effort traffic such as Internet browsing can be throttledor reduced for a group of devices connected to base stationsexperiencing excess traffic demand. As another example, a policy can beimplemented on the devices connected to busy base stations in which thedevice is allowed to browse or conduct other best effort serviceactivities at a relatively high throttling rate for a period of time,but if the device uses more than a certain amount of service (e.g.,total data downloaded and/or uploaded) in a certain period of time thenthe device may be traffic controlled according to an adaptive throttlingpolicy as described herein. In some embodiments, higher QoS leveltraffic cannot be throttled in such circumstances, such as VOIP trafficwhere real-time guaranteed bit rate is important to meet user serviceneeds or expectations, while lower priority traffic such as interactivebrowsing and/or background download are throttled and/or blocked. Insome embodiments, the QoS availability assessment processes describedherein are adjusted so that higher QoS channels are not provided andprovisioned in times or locations in which a given base station or groupof base stations experience excess demand or demand above a giventhreshold.

In some embodiments, users or devices that have service plans withhigher QoS levels, or service plans with higher priority during busynetwork periods have different traffic control policies (e.g., for QoSservices and/or network capacity controlled services) applied to themthat result in a higher level of traffic performance and/or a higherlevel of QoS service availability. For example, emergency serviceworkers can be given higher traffic control access policies that resultin differentiated services during peak busy times on the network or aportion of the network. In some embodiments, users can obtain a premiumservice plan for differentiated access during peak busy time periods ormay use higher levels of QoS service settings and/or service plans toachieve differentiated service during peak busy periods. As anotherexample, services that demand high levels of QoS classes, such asreal-time voice services, instant messaging, push to talk,differentiated video streaming, and/or interactive gaming, are nottraffic controlled to the same extent that other lower priority servicesor lower class service plans are traffic controlled during peak busytimes. For example, this type of service differentiation can also beapplied based on device type, user group, user standing, user rewardzone points, and/or other criteria/measures as similarly describedherein.

In some embodiments, the decision to control (e.g., reduce, increase,and/or otherwise control in some manner) the access traffic controlsettings as described above is made by the device service processorbased on the device's assessment of the network capacity, which can bedetermined using various techniques as described herein. In someembodiments, the decision to control the access traffic control settingsas described above is made by a service controller (e.g., or otherinterchangeable network equipment element or elements as describedherein) connected to the device that provides instructions to the deviceto adjust the access policy settings. For example, the servicecontroller can obtain the network capacity information from accessequipment elements, from device reports of traffic capacity and/orquality as described herein, or from reports on traffic capacity and/orquality obtained from dedicated devices used for the purpose ofassessing network capacity. In some embodiments, the decision to controlthe access traffic control settings as described above is based on thetime of day, the day of week, or both to accommodate cyclical patternsin network capacity and traffic demand.

In some embodiments, a service controller (e.g., or another networkequipment element or elements, as described herein) assesses networkbusy state and then controls device traffic demand by reducing theoffered capacity for one or more service classes (e.g., for QoS servicesand/or network capacity controlled services) supported by the accessnetwork equipment elements, such as a wireless base station. In suchembodiments, the service controller (e.g., or similar function) gathersthe network capacity information with one of the techniques describedherein and instructs one or more of the access network equipmentelements to reduce the offered capacity for one or more levels of QoSclasses and/or network capacity controlled service classes, to one ormore of the devices connected to the access network equipment elements.For example, the determination of which devices to throttle back can bemade based on an equal throttling of all devices of a given service planstatus, or based on the device traffic usage patterns in the recent pastas described herein, or based on a combination of service plan statusand recent traffic usage patterns.

In some embodiments, the device is enabled with ambient services thathave differentiated QoS services and/or network capacity controlledservices as part of the ambient service offering. For example, ambientQoS techniques can be provided using the pre-assigned QoS policies for agiven service activity set within the ambient service, or using anambient service application that requests QoS through the QoS API. Otherembodiments for providing QoS differentiated service activities withinambient service offerings will now be apparent to one of ordinary skillin the art. As another example, ambient network capacity controlledservice techniques can be provided using the pre-assigned networkcapacity controlled policies for a given service activity set within theambient service, monitoring and dynamically assigned techniques, and/orusing an ambient service application that uses API or emulated APItechniques, and/or other techniques as described herein.

In some embodiments, a QoS service control policy is adapted as afunction of the type of network the device is connected to. For example,the QoS traffic control policies and/or the QoS service chargingpolicies can be different when the device is connected to a wirelessnetwork (e.g., a 3G/4G network where there is in general less availableQoS enabled traffic capacity) than when the device is connected to awired network (e.g., a cable or DSL network where there is in general ahigher level of QoS capacity available). In such embodiments, the deviceservice processor and the service controller can coordinate to adapt theQoS service control policies and/or the QoS service charging policies tobe different depending on which network the device is connected to.Similarly, the device QoS service control policy and/or QoS servicecharging policy can also be adapted based on whether the device isconnected to a home wireless network or a roaming wireless network. Insome embodiments, a network capacity controlled service control policyand/or a network capacity controlled charging policy is adapted as afunction of the type of network the device is connected to, as similarlydescribed herein.

In some embodiments, various of the QoS related techniques and/ornetwork capacity controlled services techniques described herein areperformed on the device using DAS techniques and/or on the servicecontroller in secure communication with a verified service processorexecuted on the device using DAS techniques. In some embodiments,various of the QoS related techniques and/or network capacity controlledservices techniques described herein are performed by/incoordination/communication with one or more intermediate networkelements/functions for assisting in various techniques (e.g., functions)for QoS techniques and/or network capacity controlled servicestechniques as described herein.

FIG. 1 illustrates a functional diagram of a network architecture forproviding quality of service (QoS) for device assisted services (DAS)and/or for providing DAS for protecting network capacity in accordancewith some embodiments. In some embodiments, QoS for DAS techniquesdescribed herein are implemented using the network architecture shown inFIG. 1. In some embodiments, DAS for protecting network capacitytechniques described herein are implemented using the networkarchitecture shown in FIG. 1.

As shown, FIG. 1 includes a 4G/3G/2G wireless network operated by, forexample, a central provider. As shown, various wireless devices 100 arein communication with base stations 125 for wireless networkcommunication with the wireless network (e.g., via a firewall 124), andother devices 100 are in communication with Wi-Fi Access Points (APs) orMesh 702 for wireless communication to Wi-Fi Access CPE 704 incommunication with central provider access network 109. In someembodiments, one or more of the devices 100 are in communication withother network element(s)/equipment that provides an access point, suchas a cable network head end, a DSL network DSLAM, a fiber networkaggregation node, and/or a satellite network aggregation node. In someembodiments, each of the wireless devices 100 includes a serviceprocessor 115 (as shown) (e.g., executed on a processor of the wirelessdevice 100), and each service processor connects through a securecontrol plane link to a service controller 122 (e.g., using encryptedcommunications).

In some embodiments, service usage information includes network basedservice usage information (e.g., network based service usage measures orcharging data records (CDRs), which can, for example, be generated byservice usage measurement apparatus in the network equipment), which isobtained from one or more network elements (e.g., BTS/BSCs 125, RANGateways (not shown), Transport Gateways (not shown), Mobile WirelessCenter/HLRs 132, AAA 121, Service Usage History/CDR Aggregation,Mediation, Feed 118, or other network equipment). In some embodiments,service usage information includes micro-CDRs. In some embodiments,micro-CDRs are used for CDR mediation or reconciliation that providesfor service usage accounting on any device activity that is desired. Insome embodiments, each device activity that is desired to be associatedwith a billing event is assigned a micro-CDR transaction code, and theservice processor 115 is programmed to account for that activityassociated with that transaction code. In some embodiments, the serviceprocessor 115 periodically reports (e.g., during each heartbeat or basedon any other periodic, push, and/or pull communication technique(s))micro-CDR usage measures to, for example, the service controller 122 orsome other network element. In some embodiments, the service controller122 reformats the heartbeat micro-CDR usage information into a valid CDRformat (e.g., a CDR format that is used and can be processed by an SGSNor GGSN or other network elements/equipment used/authorized forgenerating or processing CDRs) and then transmits it to a networkelement/function for CDR mediation (e.g., CDR Storage, Aggregation,Mediation, Feed 118).

In some embodiments, CDR mediation is used to account for the micro-CDRservice usage information by depositing it into an appropriate serviceusage account and deducting it from the user device bulk service usageaccount. For example, this technique provides for a flexible serviceusage billing solution that uses pre-existing solutions,infrastructures, and/or techniques for CDR mediation and billing. Forexample, the billing system (e.g., billing system 123 or billinginterface 127) processes the mediated CDR feed from CDR mediation,applies the appropriate account billing codes to the aggregatedmicro-CDR information that was generated by the device, and thengenerates billing events in a manner that does not require changes tothe existing billing systems (e.g., using new transaction codes to labelthe new device assisted billing capabilities). In some embodiments,network provisioning system 160 provisions various networkelements/functions for authorization in the network, such as toauthorize certain network elements/functions (e.g., CDR storage,aggregation, mediation, feed 118 or other network elements/functions)for providing micro-CDRs, reformatted micro-CDRs, and/or aggregated orreconciled CDRs.

As shown in FIG. 1, a CDR storage, aggregation, mediation, feed 118 isprovided. In some embodiments, the CDR storage, aggregation, mediation,feed 118 receives, stores, aggregates and mediates micro-CDRs receivedfrom mobile devices 100. In some embodiments, the CDR storage,aggregation, mediation, feed 118 also provides a settlement platformusing the mediated micro-CDRs, as described herein. In some embodiments,another network element provides the settlement platform usingaggregated and/or mediated micro-CDRs (e.g., central billing interface127 and/or another network element/function).

In some embodiments, various techniques for partitioning of devicegroups are used for partitioning the mobile devices 100 (e.g.,allocating a subset of mobile devices 100 for a distributor, an OEM, aMVNO, and/or another partner or entity). As shown in FIG. 1, a MVNO corenetwork 210 includes a MVNO CDR storage, aggregation, mediation, feed118, a MVNO billing interface 122, and a MVNO billing system 123 (andother network elements as shown in FIG. 1). In some embodiments, theMVNO CDR storage, aggregation, mediation, feed 118 receives, stores,aggregates and mediates micro-CDRs received from mobile devices 100(e.g., MVNO group partitioned devices).

Those of ordinary skill in the art will appreciate that various othernetwork architectures can be used for providing device group partitionsand a settlement platform, and FIG. 1 is illustrative of just one suchexample network architecture for which device group partitions andsettlement platform techniques described herein can be provided.

In some embodiments, CDR storage, aggregation, mediation, feed 118(e.g., service usage 118, including a billing aggregation data store andrules engine) is a functional descriptor for, in some embodiments, adevice/network level service usage information collection, aggregation,mediation, and reporting function located in one or more of thenetworking equipment apparatus/systems attached to one or more of thesub-networks shown in FIG. 1 (e.g., central provider access network 109and/or central provider core network 110), which is in communicationwith the service controller 122 and a central billing interface 127. Asshown in FIG. 1, service usage 118 provides a function in communicationwith the central provider core network 110. In some embodiments, the CDRstorage, aggregation, mediation, feed 118 function is located elsewherein the network or partially located in elsewhere or integrated with/aspart of other network elements. In some embodiments, CDR storage,aggregation, mediation, feed 118 functionality is located or partiallylocated in the AAA server 121 and/or the mobile wireless center/HomeLocation Register (HLR) 132 (as shown, in communication with a DNS/DHCPserver 126). In some embodiments, service usage 118 functionality islocated or partially located in the base station, base stationcontroller and/or base station aggregator, collectively referred to asbase station 125 in FIG. 1. In some embodiments, CDR storage,aggregation, mediation, feed 118 functionality is located or partiallylocated in a networking component in the central provider access network109, a networking component in the core network 110, the central billingsystem 123, the central billing interface 127, and/or in another networkcomponent or function. This discussion on the possible locations for thenetwork based and device based service usage information collection,aggregation, mediation, and reporting function (e.g., CDR storage,aggregation, mediation, feed 118) can be easily generalized as describedherein and as shown in the other figures and embodiments describedherein by one of ordinary skill in the art. Also, as shown in FIG. 1,the service controller 122 is in communication with the central billinginterface 127 (e.g., sometimes referred to as the external billingmanagement interface or billing communication interface), which is incommunication with the central billing system 123. As shown in FIG. 1,an order management 180 and subscriber management 182 are also incommunication with the central provider core network 110 forfacilitating order and subscriber management of services for the devices100 in accordance with some embodiments.

In some embodiments, a service processor download 170 is provided, whichprovides for periodical downloads/updates of service processors (e.g.,service processor 115). In some embodiments, verification techniquesinclude periodically updating, replacing, and/or updating an obfuscatedversion of the service processor, or performing any of these techniquesin response to an indication of a potential compromise or tampering ofany service processor functionality (e.g., QoS functionality and/ornetwork capacity controlled services functionality) executed on orimplemented on the device 100.

In some embodiments, the CDR storage, aggregation, mediation, feed 118(and/or other network elements or combinations of network elements)provides a device/network level service usage information collection,aggregation, mediation, and reporting function. In some embodiments, theCDR storage, aggregation, mediation, feed 118 (and/or other networkelements or combinations of network elements) collects devicegenerated/assisted service usage information (e.g., micro-CDRs) for oneor more devices on the wireless network (e.g., devices 100); andprovides the device generated service usage information in a syntax anda communication protocol that can be used by the wireless network toaugment or replace network generated usage information for the one ormore devices on the wireless network. In some embodiments, the syntax isa charging data record (CDR), and the communication protocol is selectedfrom one or more of the following: 3GPP, 3GPP2, or other communicationprotocols. In some embodiments, as described herein, the CDR storage,aggregation, mediation, feed 118 collects/receives micro-CDRs for one ormore devices on the wireless network (e.g., devices 100). In someembodiments, the CDR storage, aggregation, mediation, feed 118 (e.g., orother network elements and/or various combinations of network elements)includes a service usage data store (e.g., a billing aggregator) and arules engine for aggregating the collected device generated serviceusage information. In some embodiments, the network device is a CDR feedaggregator, and the CDR storage, aggregation, mediation, feed 118(and/or other network elements or combinations of network elements) alsoaggregates (network based) CDRs and/or micro-CDRs for the one or moredevices on the wireless network; applies a set of rules to theaggregated CDRs and/or micro-CDRs using a rules engine (e.g., bill byaccount, transactional billing, revenue sharing model, and/or any otherbilling or other rules for service usage information collection,aggregation, mediation, and reporting), and communicates a new set ofCDRs for the one or more devices on the wireless network to a billinginterface or a billing system (e.g., providing a CDR with a billingoffset by account/service). In some embodiments, a revenue sharingplatform is provided using various techniques described herein. In someembodiments, QoS usage accounting/charging and/or network capacitycontrolled services usage accounting/charging is provided using varioustechniques described herein.

In some embodiments, the CDR storage, aggregation, mediation, feed 118(and/or other network elements or combinations of network elements)communicates a new set of CDRs (e.g., aggregated and mediated CDRsand/or micro-CDRs that are then translated into standard CDRs for agiven wireless network) for the one or more devices on the wirelessnetwork to a billing interface (e.g., central billing interface 127) ora billing system (e.g., central billing system 123). In someembodiments, the CDR storage, aggregation, mediation, feed 118 (and/orother network elements or combinations of network elements) communicateswith a service controller (e.g., service controller 122) to collect thedevice generated service usage information (e.g., micro-CDRs) for theone or more devices on the wireless network. In some embodiments, theCDR storage, aggregation, mediation, feed 118 (and/or other networkelements or combinations of network elements) communicates with aservice controller, in which the service controller is in communicationwith a billing interface or a billing system. In some embodiments, theCDR storage, aggregation, mediation, feed 118 (and/or other networkelements or combinations of network elements) communicates the devicegenerated service usage information to a billing interface or a billingsystem. In some embodiments, the CDR storage, aggregation, mediation,feed 118 (and/or other network elements or combinations of networkelements) communicates with a transport gateway and/or a Radio AccessNetwork (RAN) gateway to collect the network generated/based serviceusage information for the one or more devices on the wireless network.In some embodiments, the service controller 122 communicates the deviceassisted service usage information (e.g., micro-CDRs) to the CDRstorage, aggregation, mediation, feed 118 (e.g., or other networkelements and/or various combinations of network elements).

In some embodiments, the CDR storage, aggregation, mediation, feed 118(e.g., or other network elements and/or various combinations of networkelements) performs rules for performing a bill by account aggregationand mediation function. In some embodiments, the CDR storage,aggregation, mediation, feed 118 (and/or other network elements orcombinations of network elements) performs rules for performing aservice billing function, as described herein, and/or for performing aservice/transactional revenue sharing function, as described herein. Insome embodiments, the service controller 122 in communication with theCDR storage, aggregation, mediation, feed 118 (and/or other networkelements or combinations of network elements) performs a rules enginefor aggregating and mediating the device assisted service usageinformation (e.g., micro-CDRs). In some embodiments, a rules enginedevice in communication with the CDR storage, aggregation, mediation,feed 118 (e.g., or other network elements and/or various combinations ofnetwork elements) performs a rules engine for aggregating and mediatingthe device assisted service usage information (e.g., QOS service usageinformation and/or network capacity controlled services usageinformation).

In some embodiments, the rules engine is included in (e.g., integratedwith/part of) the CDR storage, aggregation, mediation, feed 118. In someembodiments, the rules engine and associated functions, as describedherein, is a separate function/device. In some embodiments, the servicecontroller 122 performs some or all of these rules engine basedfunctions, as described herein, and communicates with the centralbilling interface 127. In some embodiments, the service controller 122performs some or all of these rules engine based functions, as describedherein, and communicates with the central billing system 123.

In some embodiments, a settlement platform service is provided. Forexample, micro-CDRs can be aggregated and mediated to associate serviceusage for one or more services used by a communications device (e.g., auser of the communications device). A rules engine or another functioncan determine a revenue share allocation for the service usage for aparticular service to determine the settlement for such service usagefor the revenue sharing allocation/model and to distribute accountingand settlement information to one or more of carriers, distributionpartners, MVNOs, wholesale partners, and/or other partners or entities.In some embodiments, the service is a transactional service.

In some embodiments, duplicate CDRs are sent from the network equipmentto the billing system 123 that is used for generating service billing.In some embodiments, duplicate CDRs are filtered to send only thoseCDRs/records for devices controlled by the service controller and/orservice processor (e.g., managed devices). For example, this approachcan provide for the same level of reporting, lower level of reporting,and/or higher level of reporting as compared to the reporting requiredby the central billing system 123.

In some embodiments, a bill-by-account billing offset is provided. Forexample, bill-by-account billing offset information can be informed tothe central billing system 123 by providing a CDR aggregator feed thataggregates the device assisted service usage data feed to provide a newset of CDRs for the managed devices to the central billing interface 127and/or the central billing system 123. In some embodiments, transactionbilling is provided using similar techniques. For example, transactionbilling log information can be provided to the central billing interface127 and/or the central billing system 123.

In some embodiments, the rules engine (e.g., performed by the serviceusage 118 or another network element, as described herein) provides abill-by-account billing offset. For example, device assisted serviceusage information (e.g., micro-CDRs) includes a transaction type fieldor transaction code (e.g., indicating a type of service for theassociated service usage information). For example, the rules engine canapply a rule or a set of rules based on the identified serviceassociated with the device generated service usage information todetermine a bill-by-account billing offset (e.g., a new CDR can begenerated to provide the determined bill-by-account billing offset). Insome examples, the determined bill-by-account billing offset can beprovided as a credit to the user's service usage account (e.g., a newCDR can be generated with a negative offset for the user's service usageaccount, such as for network chatter service usage, or transactionalservice usage, or for any other purposes based on one or more rulesperformed by the rules engine).

As another example, for a transactional service, a first new CDR can begenerated with a negative offset for the user's service usage accountfor that transactional service related usage, and a second new CDR canbe generated with a positive service usage value to charge that sameservice usage to the transactional service provider (e.g., Amazon, eBay,or another transactional service provider). In some embodiments, theservice controller 122 generates these two new CDRs, and the serviceusage 118 stores, aggregates, and communicates these two new CDRs to thecentral billing interface 127. In some embodiments, the servicecontroller 122 generates these two new CDRs, and the service usage 118stores, aggregates, and communicates these two new CDRs to the centralbilling interface 127, in which the central billing interface 127applies rules (e.g., performs the rules engine for determining thebill-by-account billing offset).

In some embodiments, the service controller 122 sends the devicegenerated CDRs to the rules engine (e.g., a service usage data store andrules engine, such as CDR storage, aggregation, mediation, feed 118),and the rules engine applies one or more rules, such as those describedherein and/or any other billing/service usage related rules as would beapparent to one of ordinary skill in the art. In some embodiments, theservice controller 122 generates CDRs similar to other network elements,and the rules (e.g., bill-by-account) are performed in the centralbilling interface 127. For example, for the service controller 122 togenerate CDRs similar to other network elements, in some embodiments,the service controller 122 is provisioned on the wireless network (e.g.,by network provision system 160) and behaves substantially similar toother CDR generators on the network).

In some embodiments, the service controller 122 is provisioned as a newtype of networking function that is recognized as a valid, authorized,and secure source for CDRs by the other necessary elements in thenetwork (e.g., CDR storage, aggregation, mediation, feed 118). In someembodiments, if the necessary network apparatus only recognize CDRs fromcertain types of networking equipment (e.g. a RAN gateway or transportgateway), then the service controller 122 provides authenticationcredentials to the other networking equipment that indicate that it isone of the approved types of equipment for providing CDRs. In someembodiments, the link between the service controller 122 and thenecessary CDR aggregation and mediation equipment is secured,authenticated, encrypted, and/or signed.

In some embodiments, the CDR storage, aggregation, mediation, feed 118discards the network based service usage information (e.g., networkbased CDRs) received from one or more network elements. In theseembodiments, the service controller 122 provides the device assistedservice usage information (e.g., device based CDRs or micro-CDRs) to theCDR storage, aggregation, mediation, feed 118 (e.g., the CDR storage,aggregation, mediation, feed 118 can just provide a store, aggregate,and communication function(s), as it is not required to mediate networkbased CDRs and device assisted CDRs), and the device based service usageinformation is provided to the central billing interface 127 or thecentral billing system 123.

In some embodiments, the device based CDRs (e.g., micro-CDRs) and/or newCDRs generated based on execution of a rules engine as described hereinare provided only for devices that are managed and/or based on devicegroup, service plan, or any other criteria, categorization, and/orgrouping, such as based on ambient service or ambient service provideror transactional service or transactional service provider.

In some embodiments, QoS for DAS includes a service processor (e.g., anydevice assisted element/function) that facilitates coordination forand/or provisions wireless access/radio access bearers (e.g., RABs). Insome embodiments, the service processor determines whether a request forQoS is authorized (e.g., according to QoS service level, user standing,available local network capacity (e.g., as reported by other device(s)and/or network)). In some embodiments, device QoS capacity demandreports provide and/or augment network capacity demand reports.

In some embodiments, QoS for DAS includes a service controller (e.g.,any network device based service control element/function) thatfacilitates coordination for and/or provisions wireless access/radioaccess bearers (e.g., RABs) on a device (e.g., a communications device,such as a mobile wireless communications device and/or an intermediatenetworking device), on network, and/or on device plus network. In someembodiments, the service controller provides device QoS capacity demandreports to other network equipment/elements/functions, and then alsoprovisions the RAB channel based on various criteria and determinations.

In some embodiments, QoS for DAS provides for device assistedmonitoring, information, and/or functionality to facilitate QoS withoutand/or to assist network based monitoring, information, and/orfunctionality (e.g., Deep Packet Inspection (DPI) and/or provides suchmonitoring, information, and/or functionality that may not be availablevia network based monitoring, information, and/or functionality (e.g.,encrypted activities on the device may not be accessible by DPI or othernetwork based techniques). For example, QoS for DAS can assist in theQoS setup to facilitate the QoS setup and provide such information thatmay not otherwise be available using network based only techniques. Forexample, device assisted activity and/or service monitoring techniquescan assist in classifying the QoS for the monitored activity and/orservice using, for example, a QoS activity map (e.g., as describedherein or other similar techniques). For example, using such deviceassisted techniques eliminates and/or minimizes DPI or other networkbased techniques that can give rise to privacy concerns/issues, networkneutrality concerns/issues, and/or otherwise may not be able to providesimilar or equivalent granular service/activity monitoring, as discussedabove, and/or also off loads such processing from the network (e.g.,network elements/devices/functionality) to the communications devices(e.g., at least for such communications devices that can perform suchfunctions, based on their processing and/or memory capabilities, aswould be apparent to one of ordinary skill in the art). In someembodiments, QoS for DAS includes the service provider for providing aninitial authorization/clearance for a QoS request (e.g., using varioustechniques described herein), and the service controller determines ifthe QoS request should be authorized (e.g., based on various QoSauthorization/clearance/approval criteria (e.g., QoS activity mapsand/or QoS request rule) and/or network capacity, as described herein).In some embodiments, QoS for DAS includes the service provider forproviding a QoS request including a QoS class to the service controller,and the service controller determines if the QoS request should beauthorized, as described herein. In some embodiments, DAS for protectingnetwork capacity provides for device assisted monitoring, information,and/or functionality to facilitate protecting network capacity withoutand/or to assist network based monitoring, information, and/orfunctionality (e.g., Deep Packet Inspection (DPI) and/or provides suchmonitoring, information, and/or functionality that may not be availablevia network based monitoring, information, and/or functionality (e.g.,encrypted activities on the device may not be accessible by DPI or othernetwork based techniques). In some embodiments, DAS for protectingnetwork capacity provides for device assisted monitoring, information,and/or functionality to facilitate protecting network capacity withoutsolely relying upon DPI and/or without any use or any significant use ofDPI wireless network, which conserves network resources and networkcapacity by controlling device network access behavior at the deviceinstead of deep in the core network at a DPI gateway (e.g., DPI basedtechniques consume over the air wireless network capacity even if chattydevice behavior is blocked at a DPI gateway, in contrast, DAS forprotecting network capacity techniques that do not use DPI basedtechniques for controlling device service usage can, for example,providing a device based usage notification and service selection UIthat does not consume over the air wireless network capacity).

In some embodiments, QoS for DAS and/or DAS for protecting networkcapacity includes providing or facilitating reports for base station(BTS) for network capacity (e.g., sector, channel, busy stateinformation or network capacity usage/availability, and/or networkcapacity expected demand) based on, for example, one or more of thefollowing: monitored application usage on the communications device,monitored user activity on the communications device, location of thecommunications, other available networks, and/or other monitored ordetermined activity, service usage measure, and/or metric. In someembodiments, at or after execution of an application that is determinedto require network service usage (e.g., may require increased wirelessnetwork bandwidth, such as based on a service usage activity map), QoSfor DAS sends information to the network (e.g., a network controller orother network device element/function) that capacity demand isforthcoming for the communications device (e.g., potentially initiatinga provisioning of a QoS radio access bearer (RAB) or other type of RAB).

In some embodiments, network capacity (e.g., busy state information) iscollected from one or more communications devices in communication witha wireless network (e.g., network capacity/usage information measuredfrom each respective communications device's perspective is determinedand stored by the service processor on each respective communicationsdevice) and reported to the service controller, and the servicecontroller (e.g., or another network element/function) uses thisinformation to determine what resources are available for allocation tovarious levels of QoS (e.g., to respond to/facilitate various QoSrequests) and/or to workload balance across multiple base stationsand/or networks (e.g., wired networks, cellular, Wi-Fi, and/or otherwireless networks).

In some embodiments, the service processor executed on thecommunications device sends a QoS request (e.g., a wireless networkbearer channel reservation request or Radio Access Bearer (RAB) request)to the service controller. The service controller verifies the requestusing various verification techniques as described herein. In someembodiments, the service controller facilitates coordination of variousdevice QoS requests with one or more base stations (BTSs) incommunication with the communications device to provide for therequested QoS reservation to facilitate the new QoS session. In someembodiments, the service controller provides a QoS routing function by,for example, providing various QoS routing instructions to a deviceservice processor (e.g., aggregating, prioritizing, queuing,authorizing, allocating reservations/RABs, denying, re-routing (such asto other BTSs and/or other networks) and/or otherwise managing QoSrequests), in which the BTS may or may not be QoS aware. For example,QoS priority can be based on activity (e.g., service usage and/orapplication), service level, user standing, network capacity, time ofday, and/or QoS priority can be purchased on a transaction basis, asession basis, a pre-pay basis or a plan basis. As another example, QoSpriority can also vary by device type, user within a group, group,application type, content type, or any other criteria or measure and/orany combination thereof. In some embodiments, the service controlleralso facilitates coordination of various device QoS requests with othernetwork elements/functions for QoS implementation and management toprovide for an end to end QoS solution.

In some embodiments, QoS can be symmetric for two mobile devices orasymmetric. In some embodiments, QoS resource availability can be fromcommunications devices, BTS(s), other network functions (e.g., servicecontrol, service controller and/or any other network elements/functions)or any combination thereof. In some embodiments, the service controllerprovides QoS demand information to another network element/function. Insome embodiments, the service controller provides the central aggregatorand policy decision point (PDP). In some embodiments, the servicecontroller controls (e.g., at least in part) QoS related functions forcommunications devices, BTS(s), and/or a combination of both.

In some embodiments, charging (e.g., monitoring and/or determiningassociating charging or billing) for QoS service usage/transactionsand/or network capacity controlled services usage/transactions isdetermined using various techniques described herein. For example, theservice processor can assist in charging for QoS and/or network capacitycontrolled activities. In some embodiments, the service processor usesdevice assisted Charging Data Records (CDRs) or micro-CDRs to assist incharging for QoS and/or network capacity controlled activities (e.g.,using QoS class related transaction codes and/or network capacitycontrolled related transaction codes), as described herein with respectto various embodiments. In some embodiments, charging for QoS and/ornetwork capacity controlled services is performed in whole or in part byone or more network elements/functions (e.g., service controller,SGSN/GGSN/other gateways, and/or billing interfaces/servers).

In some embodiments, service usage information includes network basedservice usage information. In some embodiments, the network basedservice usage information includes network based CDRs. In someembodiments, service usage information includes device based serviceusage information. In some embodiments, device based service usageinformation includes device assisted CDRs, also referred to herein asmicro-CDRs, as described herein. In some embodiments, micro-CDRs areused for CDR mediation or reconciliation that provides for service usageaccounting on any device activity that is desired (e.g., providinggranular service usage information, such as based on application layerservice usage monitoring, transaction service usage monitoring, QoSactivities/sessions/transactions, network capacity controlledactivities/sessions/transactions, and/or other types of service usageinformation). In some embodiments, each device includes a serviceprocessor (e.g., a service processor executed on a processor of acommunications device, such as a mobile device or an intermediatenetworking device that can communicate with a wireless network).

In some embodiments, each device activity that is desired to beassociated with a billing event (e.g., for a QoS related billing event)is assigned a micro-CDR transaction code, and the service processor isprogrammed to account for that activity associated with that transactioncode (e.g., various transaction codes can be associated with serviceusage associated with certain services, applications, and/or based onQoS classes or priorities, respectively, which can be used for providinggranular service usage for these various Internet/network basedservices/sites/transactions and/or any other Internet/network basedservices/sites, which can include transactional based services). Forexample, using these techniques, as described herein, essentially anytype of device activity (e.g., including QoS classes and prioritizationand/or network capacity controlled classes and prioritization) can beindividually accounted for and/or controlled (e.g., throttled,restricted, and/or otherwise controlled as desired). In someembodiments, the service processor periodically reports (e.g., duringeach heartbeat or based on any other periodic, push, and/or pullcommunication technique(s)) micro-CDR usage measures to, for example, aservice controller or some other network element/function. In someembodiments, the service controller reformats the heartbeat micro-CDRusage information into a valid CDR format (e.g., a CDR format that isused and can be processed by an SGSN or GGSN or some other authorizednetwork element/function for CDRs) and then transmits the reformattedmicro-CDRs to a network element/function for performing CDR mediation.

In some embodiments, CDR mediation is used to properly account for themicro-CDR service usage information by depositing it into an appropriateservice usage account and deducting it from the user device bulk serviceusage account. For example, this technique provides for a flexibleservice usage billing solution that uses pre-existing solutions for CDRmediation and billing. For example, the billing system can process themediated CDR feed from CDR mediation, apply the appropriate accountbilling codes to the aggregated micro-CDR information that was generatedby the device, and then generate billing events in a manner that doesnot require changes to existing billing systems, infrastructures, andtechniques (e.g., using new transaction codes to label the new deviceassisted billing capabilities).

In some embodiments, the various QoS techniques performed on or by thecommunications device (e.g., using a service processor to provide orassist in providing QoS session provisioning, QoS policy management, QoSpolicy enforcement, and/or QoS accounting/charging, such as QoS chargingrecords and reports) are verified (e.g., using various verificationtechniques described herein). In some embodiments, the various networkcapacity controlled services techniques performed on or by thecommunications device (e.g., using a service processor to provide orassist in providing network capacity controlled services policymanagement, network capacity controlled services policy enforcement,and/or network capacity controlled services charging, such as networkcapacity controlled services charging records and reports) are verified(e.g., using various verification techniques described herein).

For example, a QoS request, QoS related policy rules (e.g., QoS activitymap, QoS related service plan and/or service policy settings) andimplementation, QoS policy enforcement, and QoS charging are verified(e.g., periodically, per transaction, and/or based on some othercriteria/metric). In some embodiments, verification techniques includeone or more of the following: compare a network based service usagemeasure with a first service policy associated with the communicationsdevice, compare a device assisted service usage measure with the firstservice policy, compare the network based service usage measure to thedevice assisted service usage measure, perform a test and confirm adevice assisted service usage measure based on the test, perform a UserInterface (UI) notification (e.g., which can include a userauthentication, password, question/answer challenge, and/or otherauthentication technique), and/or other similar verification techniquesas will now be apparent to one of ordinary skill in the art.Accordingly, in some embodiments, QoS for DAS “closes the loop” forverification of various QoS related techniques, such as QoS requests,QoS grants, QoS usage, and/or QoS charging. In some embodiments, theservice processor and the service controller serve as a verifiable QoSmanagement/coordination system for other QoS elements/functions innetwork. In some embodiments, if such or other verification techniquesdetermine or assist in determining that a QoS request, QoS report,and/or QoS policy behavior (e.g., or similarly, network capacitycontrolled services monitoring, reporting, and/or policy behavior) doesnot match expected requests, reports, and/or policy, then responsiveactions can be performed, for example, the communications device (e.g.,and/or suspect services) can be suspended, quarantined,killed/terminated, and/or flagged for further analysis/scrutiny todetermine whether the device is malfunctioning, needs updating, has beentampered with or compromised, is infected with malware, and/or if anyother problem exists.

In some embodiments, the communications device (e.g., the serviceprocessor) maintains a QoS flow table that associates or maps deviceactivity to QoS level/class to RAB/QoS channel, and in some embodiments,the communications device also informs a QoS management networkfunction/element of the relative priority of the QoS flows for thecommunications device (e.g., based on or using the QoS flow table). Insome embodiments, the service controller receives or collectsinformation from the communications device and maintains such a QoS flowtable for the communications device and, in some embodiments, theservice controller also informs a QoS management networkfunction/element of the relative priority of the QoS flows for thecommunications device (e.g., based on or using the QoS flow table). Insome embodiments, flows can be assigned to activities originating at thecommunications device in a transparent way, or simply by activity classor user preference, or using other techniques.

In some embodiments, the communications device maintains a table of QoSbilling rates, scheduled transmission times, and/other QoS relatedinformation to implement an overlay MAC at the data networking level tomanage QoS on legacy networks that are not QoS MAC enabled and/or do nothave the various functionality to support QoS controls (e.g., and suchtechniques can also be used to provide for QoS functionality acrossdifferent networks). In some embodiments, QoS related policies areexchanged between roaming and home service controllers to facilitate QoSsupport while roaming on a non-home network(s).

In some embodiments, the communications device serves as a networkcapacity indicator (e.g., collecting network capacity information for alocal cell and communicating or reporting that network capacityinformation to the service controller). For example, permanent localcell communications devices can be placed in local cell areas to augmentlegacy equipment for such network capacity indicator/reportingfunctions. Various other techniques for determining network capacityand/or network availability are described herein.

In some embodiments, service partners and/or service providers cansubsidize in whole or in part to upgrade a given user or group of usersto better QoS related service level agreement (SLA)/class for apreferred destination. In some embodiments, based on monitored serviceusage and/or other monitored behavior of the communications device, suchsubsidized QoS upgrade/offers can be presented to a user of thecommunications device (e.g., as an incentive/reward for desired orpreferred user behavior or for other reasons). Similarly, in someembodiments, these techniques are also applied to network capacitycontrolled services.

In some embodiments, QoS charging is based on QoS channel/reservation,service flow, or RAB charging (e.g., single flow per RAB, multi-flow perRAB, multi-RAB per flow). In some embodiments, charging (e.g., for QoSand/or for network capacity controlled services) is based on one or moreof the following: network busy state, time criteria, user service classrequest, traffic volume and class, time and class, network capacity(e.g., network busy state) and class, time of day and class, location,traffic type, application type, application class, destination,destination type, partner service, and/or other criteria/measures. Insome embodiments, QoS charging is verified using the variousverification techniques described herein (e.g., test charging events).In some embodiments, network capacity controlled services charging isverified using the various verification techniques described herein(e.g., test charging events). In some embodiments, QoS charging is bydata usage (e.g., by Megabyte (MB)), service flow by time by QoS class,speed by time, network busy state, time of day/day of week, serviceplan, current network, and/or other criteria/measures. In someembodiments, network capacity controlled services charging is by datausage (e.g., by Megabyte (MB)), service flow by time by network capacitycontrolled services class, speed by time, network busy state, time ofday/day of week, service plan, current network, and/or othercriteria/measures.

In some embodiments, QoS for DAS includes coordinating functions withone or more of the following: DAS elements/functions, Radio AccessNetwork (RAN), Transport network, Core network, GRX network, IPXnetwork, and/or other networks/elements/functions.

FIG. 2 illustrates another functional diagram of another networkarchitecture for providing quality of service (QoS) for device assistedservices (DAS) and/or for providing DAS for protecting network capacityin accordance with some embodiments. In some embodiments, QoS for DAStechniques described herein are implemented using the networkarchitecture shown in FIG. 2. In some embodiments, DAS for protectingnetwork capacity techniques described herein are implemented using thenetwork architecture shown in FIG. 2.

As shown, FIG. 2 includes various devices 100 including serviceprocessors 115. For example, devices 100 can include various types ofmobile devices, such as phones, PDAs, computing devices, laptops, netbooks, tablets, cameras, music/media players, GPS devices, networkedappliances, and any other networked device; and/or devices 100 caninclude various types of intermediate networking devices, as describedherein. The devices 100 are in communication with service control 210and central provider access and core networks 220. Service policies andaccounting functions 230 are also provided in communication with thecentral provider access and core networks 220. For example, devices 100can communicate via the central provider access and core networks 220 tothe Internet 120 for access to various Internet sites/services 240(e.g., Google sites/services, Yahoo sites/services, Blackberry services,Apple iTunes and AppStore, Amazon.com, FaceBook, and/or any otherInternet service or other network facilitated service).

In some embodiments, FIG. 2 provides a wireless network architecturethat supports various DAS for protecting network capacity techniques asdescribed herein. Those of ordinary skill in the art will appreciatethat various other network architectures can be used for providingvarious DAS for protecting network capacity techniques as describedherein, and FIG. 2 is illustrative of just another such example networkarchitecture for which DAS for protecting network capacity techniques asdescribed herein can be provided.

FIG. 3 illustrates another functional diagram of an architecture 300including a device based service processor 115 and a service controller122 for providing quality of service (QoS) for device assisted services(DAS) and/or for providing DAS for protecting network capacity inaccordance with some embodiments. In some embodiments, QoS for DAStechniques described herein are implemented using the functions/elementsshown in FIG. 3. In some embodiments, DAS for protecting networkcapacity techniques described herein are implemented using thefunctions/elements shown in FIG. 3.

For example, the architecture 300 provides a relatively full featureddevice based service processor implementation and service controllerimplementation. As shown, this corresponds to a networking configurationin which the service controller 122 is connected to the Internet 120 andnot directly to the access network 1610. As shown, a data plane (e.g.,service traffic plane) communication path is shown in solid lineconnections and control plane (e.g., service control plane)communication path is shown in dashed line connections. As will beapparent to one of ordinary skill in the art, the division infunctionality between one device agent and another is based on, forexample, design choices, networking environments, devices and/orservices/applications, and various different combinations can be used invarious different implementations. For example, the functional lines canbe re-drawn in any way that the product designers see fit. As shown,this includes certain divisions and functional breakouts for deviceagents as an illustrative implementation, although other, potentiallymore complex, embodiments can include different divisions and functionalbreakouts for device agent functionality specifications, for example, inorder to manage development specification and testing complexity andworkflow. In addition, the placement of the agents that operate,interact with or monitor the data path can be moved or re-ordered invarious embodiments. For example, the functional elements shown in FIG.3 are described below with respect to, for example, FIGS. 4, 12, and 13as well as FIGS. 5 through 11 (e.g., QoS for DAS related embodiments)and FIGS. 14 through 23 (e.g., DAS for protecting network capacityrelated embodiments).

As shown in FIG. 3, service processor 115 includes a service controldevice link 1691. For example, as device based service controltechniques involving supervision across a network become moresophisticated, it becomes increasingly important to have an efficientand flexible control plane communication link between the device agentsand the network elements communicating with, controlling, monitoring, orverifying service policy. In some embodiments, the service controldevice link 1691 provides the device side of a system for transmissionand reception of service agent to/from network element functions. Insome embodiments, the traffic efficiency of this link is enhanced bybuffering and framing multiple agent messages in the transmissions. Insome embodiments, the traffic efficiency is further improved bycontrolling the transmission frequency or linking the transmissionfrequency to the rate of service usage or traffic usage. In someembodiments, one or more levels of security or encryption are used tomake the link robust to discovery, eavesdropping or compromise. In someembodiments, the service control device link 1691 also provides thecommunications link and heartbeat timing for the agent heartbeatfunction. As discussed below, various embodiments disclosed herein forthe service control device link 1691 provide an efficient and securesolution for transmitting and receiving service policy implementation,control, monitoring and verification information with other networkelements.

As shown in FIG. 3, the service controller 122 includes a servicecontrol server link 1638. In some embodiments, device based servicecontrol techniques involving supervision across a network (e.g., on thecontrol plane) are more sophisticated, and for such it is increasinglyimportant to have an efficient and flexible control plane communicationlink between the device agents (e.g., of the service processor 115) andthe network elements (e.g., of the service controller 122) communicatingwith, controlling, monitoring, or verifying service policy. For example,the communication link between the service control server link 1638 ofservice controller 122 and the service control device link 1691 of theservice processor 115 can provide an efficient and flexible controlplane communication link, a service control link 1653 as shown in FIG.3, and, in some embodiments, this control plane communication linkprovides for a secure (e.g., encrypted) communications link forproviding secure, bidirectional communications between the serviceprocessor 115 and the service controller 122. In some embodiments, theservice control server link 1638 provides the network side of a systemfor transmission and reception of service agent to/from network elementfunctions. In some embodiments, the traffic efficiency of this link isenhanced by buffering and framing multiple agent messages in thetransmissions (e.g., thereby reducing network chatter). In someembodiments, the traffic efficiency is further improved by controllingthe transmission frequency and/or linking the transmission frequency tothe rate of service usage or traffic usage. In some embodiments, one ormore levels of security and/or encryption are used to secure the linkagainst potential discovery, eavesdropping or compromise ofcommunications on the link. In some embodiments, the service controlserver link 1638 also provides the communications link and heartbeattiming for the agent heartbeat function.

In some embodiments, the service control server link 1638 provides forsecuring, signing, encrypting and/or otherwise protecting thecommunications before sending such communications over the servicecontrol link 1653. For example, the service control server link 1638 cansend to the transport layer or directly to the link layer fortransmission. In another example, the service control server link 1638further secures the communications with transport layer encryption, suchas TCP TLS or another secure transport layer protocol. As anotherexample, the service control server link 1638 can encrypt at the linklayer, such as using IPSEC, various possible VPN services, other formsof IP layer encryption and/or another link layer encryption technique.

As shown in FIG. 3, the service controller 122 includes an accesscontrol integrity server 1654 (e.g., service policy security server). Insome embodiments, the access control integrity server 1654 collectsdevice information on service policy, service usage, agentconfiguration, and/or agent behavior. For example, the access controlintegrity server 1654 can cross check this information to identifyintegrity breaches in the service policy implementation and controlsystem. In another example, the access control integrity server 1654 caninitiate action when a service policy violation (e.g., QoS policyviolation and/or a network capacity controlled services policyviolation) or a system integrity breach is suspected.

In some embodiments, the access control integrity server 1654 (and/orsome other agent of service controller 122) acts on access controlintegrity agent 1694 (e.g., service policy security agent) reports anderror conditions. Many of the access control integrity agent 1654 checkscan be accomplished by the server. For example, the access controlintegrity agent 1654 checks include one or more of the following:service usage measure against usage range consistent with policies(e.g., usage measure from the network and/or from the device);configuration of agents; operation of the agents; and/or dynamic agentdownload.

In some embodiments, the access control integrity server 1654 (and/orsome other agent of service controller 122) verifies device servicepolicy implementations by comparing various service usage measures(e.g., based on network monitored information, such as by using IPDRs orCDRs, and/or local service usage monitoring information) againstexpected service usage behavior given the policies that are intended tobe in place (e.g., a QoS policy and/or a network capacity controlledservices policy). For example, device service policy implementations caninclude measuring total QoS data passed, QoS data passed in a period oftime, IP addresses, data per IP address, and/or other measures such aslocation, downloads, email accessed, URLs, and comparing such measuresexpected service usage behavior given the policies that are intended tobe in place.

In some embodiments, the access control integrity server 1654 (e.g.,and/or some other agent of service controller 122) verifies deviceservice policy, and the verification error conditions that can indicatea mismatch in QoS service measure and QoS service policy include one ormore of the following: unauthorized network access (e.g., access beyondambient service policy limits); unauthorized network speed (e.g.,average speed beyond service policy limit); network data amount does notmatch QoS policy limit (e.g., device not stop at limit withoutre-up/revising service policy); unauthorized network address;unauthorized service usage (e.g., VOIP, email, and/or web browsing);unauthorized application usage (e.g., email, VOIP, email, and/or web);service usage rate too high for plan, and policy controller notcontrolling/throttling it down; and/or any other mismatch in servicemeasure and service policy. Accordingly, in some embodiments, the accesscontrol integrity server 1654 (and/or some other agent of servicecontroller 122) provides a policy/service control integrity service tocontinually (e.g., periodically and/or based on trigger events) verifythat the service control of the device has not been compromised and/oris not behaving out of policy (e.g., a QoS policy and/or a networkcapacity controlled services policy).

As shown in FIG. 3, service controller 122 includes a service historyserver 1650 (e.g., charging server). In some embodiments, the servicehistory server 1650 collects and records service usage or serviceactivity reports from the Access Network AAA Server 1621 and the ServiceMonitor Agent 1696. For example, although service usage history from thenetwork elements can in certain embodiments be less detailed thanservice history from the device, the service history from the networkcan provide a valuable source for verification of device service policyimplementation, because, for example, it is extremely difficult for adevice error or compromise event on the device to compromise the networkbased equipment and software. For example, service history reports fromthe device can include various service tracking information, assimilarly described above. In some embodiments, the service historyserver 1650 provides the service history on request to other serversand/or one or more agents. In some embodiments, the service historyserver 1650 provides the service usage history to the device servicehistory 1618 (e.g., CDR feed and CDR mediation). In some embodiments,for purposes of facilitating the activation tracking service functions(described below), the service history server 1650 maintains a historyof which networks the device has connected to. For example, this networkactivity summary can include a summary of the networks accessed,activity versus time per connection, and/or traffic versus time perconnection. As another example, this activity summary can further beanalyzed or reported to estimate the type of service plan associatedwith the traffic activity for the purpose of bill sharingreconciliation.

As shown in FIG. 3, service controller 122 includes a policy managementserver 1652 (e.g., policy decision point (PDP) server) for managingservice usage policies, such as QoS policies and/or a network capacitycontrolled services policies. In some embodiments, the policy managementserver 1652 transmits policies to the service processor 115 via theservice control link 1653. In some embodiments, the policy managementserver 1652 manages policy settings on the device (e.g., various policysettings as described herein with respect to various embodiments) inaccordance with a device service profile. In some embodiments, thepolicy management server 1652 sets instantaneous policies on policyimplementation agents (e.g., policy implementation agent 1690). Forexample, the policy management server 1652 can issue policy settings,monitor service usage and, if necessary, modify policy settings. Forexample, in the case of a user who prefers for the network to managetheir service usage costs, or in the case of any adaptive policymanagement needs, the policy management server 1652 can maintain arelatively high frequency of communication with the device to collecttraffic and/or service measures and issue new policy settings. In thisexample, device monitored service measures and any user service policypreference changes are reported, periodically and/or based on varioustriggers/events/requests, to the policy management server 1652. In thisexample, user privacy settings generally require secure communicationwith the network (e.g., a secure service control link 1653), such aswith the policy management server 1652, to ensure that various aspectsof user privacy are properly maintained during such configurationrequests/policy settings transmitted over the network. For example,information can be compartmentalized to service policy management andnot communicated to other databases used for CRM for maintaining userprivacy.

In some embodiments, the policy management server 1652 provides adaptivepolicy management on the device. For example, the policy managementserver 1652 can issue policy settings and objectives and rely on thedevice based policy management (e.g., service processor 115) for some orall of the policy adaptation. This approach can require less interactionwith the device thereby reducing network chatter on the service controllink 1653 for purposes of device policy management (e.g., networkchatter is reduced relative to various server/network based policymanagement approaches described above). This approach can also providerobust user privacy embodiments by allowing the user to configure thedevice policy for user privacy preferences/settings so that, forexample, sensitive information (e.g., geo-location data, websitehistory, and/or other sensitive information) is not communicated to thenetwork without the user's approval. In some embodiments, the policymanagement server 1652 adjusts service policy based on time of day. Insome embodiments, the policy management server 1652 receives, requests,and/or otherwise obtains a measure of network availability/capacity andadjusts traffic shaping policy and/or other policy settings based onavailable network availability/capacity (e.g., a network busy state).

As shown in FIG. 3, service controller 122 includes a network trafficanalysis server 1656. In some embodiments, the network traffic analysisserver 1656 collects/receives service usage history for devices and/orgroups of devices and analyzes the service usage. In some embodiments,the network traffic analysis server 1656 presents service usagestatistics in various formats to identify improvements in networkservice quality and/or service profitability. In some embodiments, thenetwork traffic analysis server 1656 estimates the service qualityand/or service usage for the network under variable settings onpotential service policies. In some embodiments, the network trafficanalysis server 1656 identifies actual or potential service behaviors byone or more devices that are causing problems for overall networkservice quality or service cost. In some embodiments, the networktraffic analysis server 1656 estimates the network availability/capacityfor the network under variable settings on potential service policies.In some embodiments, the network traffic analysis server 1656 identifiesactual or potential service behaviors by one or more devices that areimpacting and/or causing problems for overall networkavailability/capacity.

As shown in FIG. 3, Service Analysis, Test & Download 122B includes abeta test server 1658 (e.g., policy creation point and beta testserver). In some embodiments, the beta test server 1658 publishescandidate service plan policy settings to one or more devices. In someembodiments, the beta test server 1658 provides summary reports ofnetwork service usage or user feedback information for one or morecandidate service plan policy settings. In some embodiments, the betatest server 1658 provides a mechanism to compare the beta test resultsfor different candidate service plan policy settings or select theoptimum candidates for further policy settings optimization, such as forprotecting network capacity.

As shown in FIG. 3, service controller 122 includes a service downloadcontrol server 1660 (e.g., a service software download control server).In some embodiments, the service download control server 1660 provides adownload function to install and/or update service software elements(e.g., the service processor 115 and/or agents/components of the serviceprocessor 115) on the device, as described herein.

As shown in FIG. 3 service controller 122 includes a billing eventserver 1662 (e.g., micro-CDR server). In some embodiments, the billingevent server 1662 collects billing events, provides service planinformation to the service processor 115, provides service usage updatesto the service processor 115, serves as interface between device andcentral billing server 1619, and/or provides trusted third partyfunction for certain ecommerce billing transactions.

As shown in FIG. 3, the Access Network HLR AAA server 1621 is in networkcommunication with the access network 1610. In some embodiments, theAccess Network AAA server 1621 provides the necessary access network AAAservices (e.g., access control and authorization functions for thedevice access layer) to allow the devices onto the central provideraccess network and the service provider network. In some embodiments,another layer of access control is required for the device to gainaccess to other networks, such as the Internet, a corporate networkand/or a machine to machine network. This additional layer of accesscontrol can be implemented, for example, by the service processor 115 onthe device. In some embodiments, the Access Network AAA server 1621 alsoprovides the ability to suspend service for a device and resume servicefor a device based on communications received from the servicecontroller 122. In some embodiments, the Access Network AAA server 1621also provides the ability to direct routing for device traffic to aquarantine network or to restrict or limit network access when a devicequarantine condition is invoked. In some embodiments, the Access NetworkAAA server 1621 also records and reports device network service usage(e.g., device network service usage can be reported to the deviceservice history 1618).

As shown in FIG. 3, the device service history 1618 is in networkcommunication with the access network 1610. In some embodiments, thedevice service history 1618 provides service usage data records used forvarious purposes in various embodiments. In some embodiments, the deviceservice history 1618 is used to assist in verifying service policyimplementation. In some embodiments, the device service history 1618 isused to verify service monitoring. In some embodiments, the deviceservice history 1618 is used to verify billing records and/or billingpolicy implementation (e.g., to verify service usage charging). In someembodiments, the device service history 1618 is used to synchronizeand/or verify the local service usage counter (e.g., to verify serviceusage accounting).

As shown in FIG. 3, the central billing 1619 (e.g., central providerbilling server) is in network communication with the access network1610. In some embodiments, the central provider billing server 1619provides a mediation function for central provider billing events. Forexample, the central provider billing server 1619 can accept serviceplan changes. In some embodiments, the central provider billing server1619 provides updates on device service usage, service plan limitsand/or service policies. In some embodiments, the central providerbilling server 1619 collects billing events, formulates bills, billsservice users, provides certain billing event data and service planinformation to the service controller 122 and/or device 100.

As shown in FIG. 3, in some embodiments, modem selection and control1811 (e.g., in communication with connection manager 1804 as shown)selects the access network connection and is in communication with themodem firewall 1655, and modem drivers 1831, 1815, 1814, 1813, 1812convert data traffic into modem bus traffic for one or more modems andare in communication with the modem selection and control 1811. In someembodiments, different profiles are selected based on the selectednetwork connection (e.g., different service profiles/policies for WWAN,WLAN, WPAN, Ethernet and/or DSL network connections), which is alsoreferred to herein as multimode profile setting. For example, serviceprofile settings can be based on the actual access network (e.g., homeDSL/cable or work network) behind the Wi-Fi not the fact that it isWi-Fi (e.g., or any other network, such as DSL/cable, satellite, orT-1), which is viewed as different than accessing a Wi-Fi network at thecoffee shop. For example, in a Wi-Fi hotspot situation in which thereare a significant number of users on a DSL or T-1 backhaul, the servicecontroller can sit in a service provider cloud or an MVNO cloud, theservice controls can be provided by a VSP capability offered by theservice provider or the service controller can be owned by the hotspotservice provider that uses the service controller on their own withoutany association with an access network service provider. For example,the service processors can be controlled by the service controller todivide up the available bandwidth at the hotspot according to QoS oruser sharing rules (e.g., with some users having higher differentiatedpriority (e.g., potentially for higher service payments) than otherusers). As another example, ambient services (e.g., as similarlydescribed herein) can be provided for the hotspot for verified serviceprocessors.

In some embodiments, the service processor 115 and service controller122 are capable of assigning multiple service profiles associated withmultiple service plans that the user chooses individually or incombination as a package. For example, a device 100 starts with ambientservices that include free transaction services wherein the user paysfor transactions or events rather than the basic service (e.g., a newsservice, eReader, PND service, pay as you go session Internet) in whicheach service is supported with a bill by account capability to correctlyaccount for any subsidized partner billing to provide the transactionservices (e.g., Barnes and Noble may pay for the eReader service andoffer a revenue share to the service provider for any book or magazinetransactions purchased from the device 100). In some embodiments, thebill by account service can also track the transactions and, in someembodiments, advertisements for the purpose of revenue sharing, allusing the service monitoring capabilities disclosed herein. Afterinitiating services with the free ambient service discussed above, theuser may later choose a post-pay monthly Internet, email, and SMSservice. In this case, the service controller 122 would obtain from thebilling system 123 in the case of network based billing (e.g., or theservice controller 122 billing event server 1622 in the case of devicebased billing) the billing plan code for the new Internet, email and SMSservice. In some embodiments, this code is cross referenced in adatabase (e.g., the policy management server 1652) to find theappropriate service profile for the new service in combination with theinitial ambient service. The new superset service profile is thenapplied so that the user maintains free access to the ambient services,and the billing partners continue to subsidize those services, the useralso gets access to Internet services and may choose the service controlprofile (e.g., from one of the embodiments disclosed herein). Thesuperset profile is the profile that provides the combined capabilitiesof two or more service profiles when the profiles are applied to thesame device 100 service processor. In some embodiments, the device 100(service processor 115) can determine the superset profile rather thanthe service controller 122 when more than one “stackable” service isselected by the user or otherwise applied to the device. The flexibilityof the service processor 115 and service controller 122 embodimentsdescribed herein allow for a large variety of service profiles to bedefined and applied individually or as a superset to achieve the desireddevice 100 service features.

As shown in FIG. 3, an agent communication bus 1630 represents afunctional description for providing communication for the variousservice processor 115 agents and functions. In some embodiments, asrepresented in the functional diagram illustrated in FIG. 3, thearchitecture of the bus is generally multipoint to multipoint so thatany agent can communicate with any other agent, the service controlleror in some cases other components of the device, such user interface1697 and/or modem components. As described below, the architecture canalso be point to point for certain agents or communication transactions,or point to multipoint within the agent framework so that all agentcommunication can be concentrated, or secured, or controlled, orrestricted, or logged or reported. In some embodiments, the agentcommunication bus is secured, signed, encrypted, hidden, partitioned,and/or otherwise protected from unauthorized monitoring or usage. Insome embodiments, an application interface agent (not shown) is used toliterally tag or virtually tag application layer traffic so that thepolicy implementation agent(s) 1690 has the necessary information toimplement selected traffic shaping solutions. In some embodiments, anapplication interface agent (not shown) is in communication with variousapplications, including a TCP application 1604, an IP application 1605,and a voice application 1602.

As shown in FIG. 3, service processor 115 includes an API and OS stackinterface 1693. In some embodiments, the API and OS stack interface 1693provides the QoS API functionality as similarly described herein withrespect to various embodiments. In some embodiments, a QoS API is usedto report back QoS availability to applications. In some embodiments,the API and OS stack interface 1693 provides the network capacitycontrolled API and/or emulated API functionality as similarly describedherein with respect to various embodiments. As shown, service processor115 also includes a router 1698 (e.g., a QoS router agent/functionand/or a network capacity controlled services router agent/function) anda policy decision point (PDP) agent 1692. In some embodiments, therouter 1698 provides QoS router functionality as similarly describedherein with respect to various embodiments. In some embodiments, therouter 1698 provides network capacity controlled services routerfunctionality as similarly described herein with respect to variousembodiments. In some embodiments, the QoS router supports multiple QoSchannels (e.g., one or more provisioned/allocated QoS links forming aQoS channel between the device and the desired end point, such as anaccess point/BTS/gateway/network for a single ended QoS channel or othercommunication device for an end to end QoS channel, depending on the QoSconnection/network support/availability/etc.). In some embodiments, theQoS router supports multiple QoS channels, which can each have differentQoS classes/levels. In some embodiments, the QoS router routesapplication/service usage traffic to an appropriate QoS channel. In someembodiments, the QoS router determines the routing/mapping based on, forexample, one or more of the following: a QoS API request, a QoS activitymap, a user request, a service plan, a service profile, service policysettings, network capacity, service controller or other intermediate QoSnetwork element/function/device, and/or any other criteria/measure, assimilarly described herein with respect to various embodiments. In someembodiments, multiple different applications/services are routed to aparticular QoS channel using various techniques described herein. Insome embodiments, different applications/services are routed todifferent QoS channels using various techniques described herein. Insome embodiments, the QoS router assists in managing and/or optimizingQoS usage for the communications device. In some embodiments, the QoSrouter assists in managing and/or optimizing QoS usage across multiplecommunications devices (e.g., based on network capacity for a given cellarea/base station or other access point). In some embodiments, PDP agent1692 provides the PDP agent functionality as similarly described hereinwith respect to various embodiments. As shown, architecture 300 alsoincludes a suspend resume interface 320, network QoS provisioninginterfaces 330 (e.g., for providing the various QoS techniques describedherein), and an activation/suspend resume server 340 and billinginterface server 350 in the service controller 122A.

In some embodiments, device assisted services (DAS) techniques forproviding an activity map for classifying or categorizing service usageactivities to associate various monitored activities (e.g., by URL, bynetwork domain, by website, by network traffic type, by application orapplication type, and/or any other service usage activitycategorization/classification) with associated IP addresses areprovided. In some embodiments, a policy control agent (not shown),service monitor agent 1696 (e.g., charging agent), or another agent orfunction (or combinations thereof) of the service processor 115 providesa DAS activity map. In some embodiments, a policy control agent (notshown), service monitor agent, or another agent or function (orcombinations thereof) of the service processor provides an activity mapfor classifying or categorizing service usage activities to associatevarious monitored activities (e.g., by Uniform Resource Locator (URL),by network domain, by website, by network traffic type, by socket (suchas by IP address, protocol, and/or port), by socket id (such as portaddress/number), by port number, by content type, by application orapplication type, and/or any other service usage activityclassification/categorization) with associated IP addresses and/or othercriteria/measures. In some embodiments, a policy control agent, servicemonitor agent, or another agent or function (or combinations thereof) ofthe service processor determines the associated IP addresses formonitored service usage activities using various techniques to snoop theDNS request(s) (e.g., by performing such snooping techniques on thedevice 100 the associated IP addresses can be determined without theneed for a network request for a reverse DNS lookup). In someembodiments, a policy control agent, service monitor agent, or anotheragent or function (or combinations thereof) of the service processorrecords and reports IP addresses or includes a DNS lookup function toreport IP addresses or IP addresses and associated URLs for monitoredservice usage activities. For example, a policy control agent, servicemonitor agent, or another agent or function (or combinations thereof) ofthe service processor can determine the associated IP addresses formonitored service usage activities using various techniques to perform aDNS lookup function (e.g., using a local DNS cache on the monitoreddevice 100). In some embodiments, one or more of these techniques areused to dynamically build and maintain a DAS activity map that maps, forexample, URLs to IP addresses, applications to IP addresses, contenttypes to IP addresses, and/or any other categorization/classification toIP addresses as applicable. In some embodiments, the DAS activity map isused for various DAS traffic control and/or throttling techniques asdescribed herein with respect to various embodiments for providing QoSfor DAS and/or for providing DAS for protecting network capacity. Insome embodiments, the DAS activity map is used to provide the uservarious UI related information and notification techniques related toservice usage as described herein with respect to various embodiments.In some embodiments, the DAS activity map is used to provide serviceusage monitoring, prediction/estimation of future service usage, serviceusage billing (e.g., bill by account and/or any other serviceusage/billing categorization techniques), DAS techniques for ambientservices usage monitoring, DAS techniques for generating micro-CDRs,and/or any of the various other DAS related techniques as describedherein with respect to various embodiments.

In some embodiments, all or a portion of the service processor 115functions disclosed herein are implemented in software. In someembodiments, all or a portion of the service processor 115 functions areimplemented in hardware. In some embodiments, all or substantially allof the service processor 115 functionality (e.g., as discussed herein)is implemented and stored in software that can be performed on (e.g.,executed by) various components in device 100. In some embodiments, itis advantageous to store or implement certain portions or all of serviceprocessor 115 in protected or secure memory so that other undesiredprograms (e.g., and/or unauthorized users) have difficulty accessing thefunctions or software in service processor 115. In some embodiments,service processor 115, at least in part, is implemented in and/or storedon secure non-volatile memory (e.g., non volatile memory can be securenon-volatile memory) that is not accessible without pass keys and/orother security mechanisms (e.g., security credentials). In someembodiments, the ability to load at least a portion of service processor115 software into protected non-volatile memory also requires a securekey and/or signature and/or requires that the service processor 115software components being loaded into non-volatile memory are alsosecurely encrypted and appropriately signed by an authority that istrusted by a secure software downloader function, such as servicedownloader 1663 as shown in FIG. 3. In some embodiments, a securesoftware download embodiment also uses a secure non-volatile memory.Those of ordinary skill in the art will also appreciate that all memorycan be on-chip, off-chip, on-board, and/or off-board.

FIGS. 4A through 4C illustrates a functional diagram for providingquality of service (QoS) for device assisted services (DAS) inaccordance with some embodiments. In some embodiments, QoS for DAStechniques described herein are implemented using the networkarchitecture shown in FIGS. 4A through 4C.

Referring to FIG. 4A, in some embodiments, QoS functionality isperformed at the communications device 100 using service processor 115as similarly described herein. For example, the service processor 115determines whether or not a QoS request is authorized (e.g., based onthe associated service plan and/or other criteria/measures). If the QoSrequest is authorized, then the service processor 115 communicates withthe base station (BTS) 125 to send the QoS request (e.g., a RAB ormulti-RAB reservation request) to the local BTS. The BTS determineswhether to accept or deny the QoS request (e.g., based on networkcapacity, such as using a first come first service QoS/network bandwidthor best effort access policy or other techniques, and/or othercriteria/measures). The BTS responds to the QoS request accordingly. Ifthe QoS request is granted, the QoS session can be initiated assimilarly described herein. In some embodiments, the service processor115 also performs various QoS charging functions using varioustechniques described herein, and the service processor 115 periodicallysends QoS charging records or reports to the service controller 122(e.g., and/or another network element/function). In some embodiments,the service processor 115 and the QoS related functions performed by theservice processor 115 are periodically verified using the varioustechniques described herein.

Referring to FIG. 4B, FIG. 4B is similar to FIG. 4A except that theservice controller 122 is also shown to be in communication with theservice processor 115 of the communications device 100, which canprovide for the download and periodically updating of the QoS rulesand/or other service plan/profile/policy information that can includeQoS related information. In some embodiments, the service processor 115also performs various QoS charging functions using various techniquesdescribed herein, and the service processor 115 periodically sends QoScharging records or reports to the service controller 122 (e.g., and/oranother network element/function). In some embodiments, the serviceprocessor 115 and the QoS related functions performed by the serviceprocessor 115 are periodically verified using the various techniquesdescribed herein.

Referring to FIG. 4C, at 410, the service processor 115 sends a QoSrequest to the service controller 122 (e.g., the service processor canalso (at least in part) determine whether the QoS request is authorizedas similarly described with respect to FIG. 4A). At 420, the servicecontroller 122 sends the QoS request to the BTS 125 if it is determinedthat the QoS request is authorized using various techniques describedherein and/or whether the BTS 125 has network capacity for the QoSrequest. For example, the service controller can provide a centralpolicy decision point function for QoS related activities (e.g., basedon QoS prioritization, network capacity, and/or othercriteria/measures/policies). At 430, the service controller 122communicates the response to the QoS request accordingly. At 440, if theQoS request was approved, the device 100 initiates the QoS session(e.g., using a RAB or multi-RAB reservation) via the BTS 125. In someembodiments, the service processor 115 also performs various QoScharging functions using various techniques described herein, and theservice processor 115 periodically sends QoS charging records or reportsto the service controller 122 (e.g., and/or another networkelement/function). In some embodiments, the service processor 115 andthe QoS related functions performed by the service processor 115 areperiodically verified using the various techniques described herein.

In some embodiments, QoS techniques as described herein are implementedin the device (e.g., using the service processor 115) and one or moreother network elements/functions, such as the BTS 125, servicecontroller 125, RAN, SGSN/GGSN/other gateways and/or other networkelements/functions, in which various of the QoS related functions can bedistributed or allocated to such network elements/functions based onvarious design/network architecture approaches as will now be apparentto one of ordinary skill in the art, in which QoS related activitiesand/or functions at the device 100 are verified using variousverification techniques described herein.

In some embodiments, the device determines QoS availability by directlyquerying QoS link reservation equipment in the network (e.g., an accesspoint, such as the BTS 125). In some embodiments, the device determinesQoS availability based on an intermediate network function thatcoordinates QoS requests with one or more network QoS link resources. Insome embodiments, the device requests a QoS reservation in advance ofQoS link establishment with one or more QoS network link resources. Insome embodiments, in response to a QoS request, a QoS channel isreported as available only if/after it is determined that the necessaryone or more QoS links required to create the QoS channel are available,and, for example, the QoS channel can then be reserved based on aconfirmation or automatically be reserved in response to the QoSrequest.

FIG. 5 illustrates a functional diagram for generating a QoS activitymap for quality of service (QoS) for device assisted services (DAS) inaccordance with some embodiments. In particular, FIG. 5 illustratestechniques for mapping a service plan or a set of service planpolicies/rules for QoS 510 to a set of QoS activity rules 530. As shown,a set of QoS rules/QoS related device state information 510 (e.g., a setof associated service plan, service plan usage, other state such asnetwork capacity or forecasted demand or time of day/day of week,activity usage, QoS level, and/or user preferences) is mapped using aQoS mapping function to a set of QoS activity rules 530 using varioustechniques described herein. At 530, activity rules (e.g., activitypolicy rules instructions) 530 are determined using the mapping function520. In some embodiments, DAS for network capacity controlled servicestechniques can similarly be implemented using the techniques describedwith respect to FIG. 5 (e.g., for generating and implementing a networkcapacity controlled services activity map).

In some embodiments, the service plan includes a list of activitypolicies, and each activity policy in the service plan specifies how theactivity policy is modified by rules state information. In someembodiments, each activity policy then becomes the instruction for theengine (e.g., QoS mapping function 520) that maps the activity policy toQoS activity rules 530. In some embodiments, service controller 122downloads QoS mapping function 520, which is implemented by serviceprocessor 115.

In some embodiments, the service processor determines (e.g., andclassifies) application/service usage activity demand with or withoutgranular application/service usage activity (e.g., depending on varioususer/service plan/service provider/network/legal and/or other privacyrestrictions and/or any other related requirements or settings). Forexample, policies (e.g., service policy settings and/or service profilesettings) can be downloaded to provide such application/service usageactivity monitoring rules and a QoS activity map for assigning suchmonitored activities to various QoS classes or priorities, and, in someembodiments, such monitoring and the QoS activity map can also beimplemented using various verification techniques described herein(e.g., periodically audited, tested, compared with network service usageinformation). In some embodiments, the QoS activity map is based on aservice plan, service profile, and/or service policy settings associatedwith the communications device. In some embodiments, the QoS activitymap is based on a device group and/or user group. In some embodiments,the QoS activity map is based on user input (e.g., a user of thecommunications device can identify QoS classes/service levels forvarious applications and/or service activities, in response to requestsfor user input, based on user configurations, user defined rules (e.g.,to eliminate or mitigate privacy and/or net neutrality concerns/issues),and/or confirmed monitored user behavior QoS related patterns orpreferences). In some embodiments, the QoS activity map includesmappings/associations based on one or more of the following: a userpreference for a given destination, destination class, application,application class (e.g., by application class instead of with respect toa specific application can also eliminate or mitigate privacy and/or netneutrality concerns/issues), flow, traffic or flow class, time period,time of day, location, network busy state (e.g., provide QoS when youcan, then charge more when busy, notify user of busy state), devicetype, user type, user plan, user group, user standing, partner service,tokens, service type, and/or other criteria or measures.

In some embodiments, various techniques described herein are managed fordevice 100 for incoming and/or outgoing QoS requests. In someembodiments, as shown in FIG. 6, QoS for DAS includes establishing anend to end coordinated QoS service channel control.

FIG. 6 illustrates a functional diagram for quality of service (QoS) fordevice assisted services for an end to end coordinated QoS servicechannel control in accordance with some embodiments. As shown in FIG. 6,a wireless communications device 100A includes a service processor 115Ain secure communication with service controller 122A. A wirelesscommunications device 100B includes a service processor 115B in securecommunication with service controller 122B. In some embodiments, when,for example, device 100A initiates a QoS request for a QoS class sessionin communication with device 100B (e.g., a VOIP call or anotherapplication service requiring or possibly using a QoS class/levelsession, such as a conversational or other QoS type of class/level), assequence of actions are performed using service controller 122A andservice controller 122B to facilitate/setup an end to end coordinatedQoS service channel control. In some embodiments, as similarly describedherein, assuming that service processor 115A and service controller 122Adetermine that the QoS request from device 100A is authorized for thatdevice, then the service controller 122A contacts registry 650 (e.g., adevice registry, such as an HLR, mobile services center, or othercentral database or registry including, for example, service controllermappings by device/IP address/other) to determine the service controllerassociated with/responsible for managing QoS/service control for device100B. The registry 650 provides the service controller 122B information(e.g., IP address/other address) based on this lookup determination. Insome embodiments, service controller 122A then initiates the QoS requestwith service controller 122B to determine if the device 100B isauthorized and/or available for the QoS session requested by device100A. In some embodiments, service controllers 122A/B communicate withBTSs 125A/B to determine whether the QoS request can be facilitated(e.g., based on network capacity) as similarly described herein. In someembodiments, the service controllers 122A and 122B provide the centralQoS coordination function and can request appropriate QoS channelsdirectly from the respective local BTSs. In some embodiments, theservice controllers 122A and 122B also communicate with one or more ofthe following network elements/functions as shown in FIG. 6 in order tofacilitate an end to end coordinated QoS service channel control: RAN610/670, Core Network 620/660, and IPX network 630. In some embodiments,service controllers 122A and 122B communicate with various necessarynetwork elements for provisioning to facilitate session provisioningthrough the carrier core network as similarly discussed above. In someembodiments, service controllers 122A and 122B communicate with variousnecessary network elements for provisioning to facilitate sessionprovisioning through the IPX network as similarly discussed above. Aswill be apparent to one of ordinary skill in the art, QoS for DAStechniques as described herein can be similarly implemented using theseor similar techniques to various other network architectures.

FIG. 7 illustrates a flow diagram for quality of service (QoS) fordevice assisted services (DAS) in accordance with some embodiments. At702, the process begins. At 704, QoS rules are received or determined(e.g., a service processor receives or requests the QoS rules, which maybe included in service plan, service profile, and/or service policysettings associated with the communications device). In someembodiments, the QoS rules are verified using various techniques asdescribed herein (e.g., periodically updated, replaced, downloaded,obfuscated, and/or tested using by a service controller and/or usingother verification techniques). In some embodiments, a QoS API is alsoused by various applications to initiate a QoS request, as describedherein with respect to various embodiments. In some embodiments, the QoSrules are implemented in the form of a QoS activity map in accordancewith various embodiments described herein. At 706, the communicationsdevice's standing for QoS is determined using various techniquesdescribed herein (e.g., based on the service plan, service profile,service policy settings, QoS rules, based on QoS class, current serviceusage, current billing standing, and/or any other criteria/measure). Insome embodiments, in addition to verifying the device/user standing forthe QoS request, whether the device is following or in compliance withan assigned QoS reservation request policy is also verified usingvarious techniques described herein. If the device is determined to notbe eligible for QoS, then at 708, the device User Interface (UI)provides information concerning the denial/ineligibility for QoSsession(s) (e.g., denial/ineligibility explanation and/or options forproviding for one or more QoS options, such as a service plan upgrade orpayment for a certain/set of/period of time for QoS session(s) access).If the device is determined to be eligible for QoS, then at 710, QoSavailability is determined (e.g., based on network capacity, which maybe determined at the device, via communication with the servicecontroller, via communication with the BTS, and/or any combinationthereof, using the various techniques described herein). If QoS isdetermined to not be available, then at 712, the UI provides informationand/or options concerning the QoS availability (e.g., unavailabilityexplanation and/or options for providing for one or more QoS options,such as a service plan upgrade or payment for a certain/set of/period oftime for QoS session(s) access). If QoS is determined to be available,then at 714, a request for network resources for the QoS session is sentto one or more network resources (e.g., service controller, BTS,gateway, core/transport network, IPX/GRX networks, and/or other networkelements/functions/resources). At 716, a confirmation of the approvedQoS session is received to close the loop for the QoS for DAS (e.g., aQoS schedule is received that provides the QoS session confirmationinformation, such as a scheduled RAB/multi-RAB and/or other reservednetwork resource(s) by schedule/other criteria). At 718, one or moreverification techniques are performed to verify the QoS for DASimplementation on the device using various verification techniquesdescribed herein (e.g., comparing QoS service usage reports from anetwork source with the associated device policy; comparing QoS serviceusage reports from a network source with the QoS service usage reportsfrom the device, and/or using other verification techniques as similarlydescribed herein). At 720, the process is completed.

FIGS. 8A through 8C each illustrate another flow diagram for quality ofservice (QoS) for device assisted services (DAS) in accordance with someembodiments. FIG. 8A illustrates another flow diagram for quality ofservice (QoS) for device assisted services (DAS) in accordance with someembodiments. At 802, the process begins. In some embodiments, the QoSpolicies are implemented on the device (e.g., service processorcollects/receives an associated service plan that defines/specifiesbasic policies for QoS, which can include a QoS activity map, which, forexample, maps QoS classes based on application, service usage, flowtype, destination, time of day, network capacity, and/or othercriteria/measures, as similarly described herein). In some embodiments,a QoS API is also used by various applications to initiate a QoSrequest, as described herein with respect to various embodiments. Insome embodiments, the QoS rules are implemented in the form of averified QoS activity map in accordance with various embodimentsdescribed herein. At 804, a QoS request is determined (e.g., by QoSclass for a particular associated service/application). In someembodiments, the QoS request is determined at least in part by using theQoS activity map using various techniques described herein, for example,based on service/application usage monitoring on the device (e.g., bythe service processor service usage monitoring agent). In someembodiments, the QoS request is determined based on the QoS API. In someembodiments, the QoS request is determined to be associated with anoutgoing connection or an incoming connection. At 806, whether the QoSrequest is authorized is determined (e.g., whether the QoS requestsupported by the service plan, sufficient charging credit exists forthis QoS request, and/or other criteria/measures). If not, then at 808,the UI provides a responsive notification and/or option as similarlydescribed herein. If the QoS request is approved, then at 810, a requestfor network resources for the QoS session is sent to one or more networkresources (e.g., service controller, BTS, gateway, core/transportnetwork, IPX/GRX networks, a/another service controller in communicationwith another communications device such as for setting up aconversational class QoS connection with the other communicationsdevice, and/or other network elements/functions/resources). If thedevice is determined to be eligible for QoS, then at 810, QoSavailability is determined (e.g., based on network capacity, which maybe determined at the device, via communication with the servicecontroller, via communication with the BTS or another networkelement/function, and/or any combination thereof, using the varioustechniques described herein). If QoS is determined to not be available,then at 812, the UI provides information and/or options concerning theQoS availability (e.g., unavailability explanation and/or options forproviding for one or more QoS options, such as a service plan upgrade orpayment for a certain/set of/period of time for QoS session(s) access).If QoS is determined to be available, then at 814, a request for networkresources for the QoS session is sent to one or more network resources(e.g., service controller, BTS, gateway, core/transport network, IPX/GRXnetworks, and/or other network elements/functions/resources, to setup,for example, a QoS end to end connection—coordinate all resources end toend for the approved and verified QoS flow). At 816, a confirmation ofthe approved QoS session is received to close the loop for the QoS forDAS (e.g., a QoS schedule is received that provides the QoS sessionconfirmation information, such as a scheduled RAB/multi-RAB and/or otherreserved network resource(s) by schedule/other criteria). At 818, a QoSrouter is executed/performed on the communications device to assist inimplementing QoS for DAS using various verification techniques describedherein (e.g., to perform QoS queuing, throttling, and/or other QoSrouter related functions as described herein). At 820, verified QoScharging is performed (e.g., at least in part) on the device usingvarious techniques described herein (e.g., using the service processor,such as the charging/service usage monitoring and/or other agents asdescribed herein). In some embodiments, QoS charging records and/orreports are provided to one or more network elements for managing QoSbilling and/or other QoS management/billing related service controlfunctions (e.g., to the service controller and/or the billing interfaceor billing server). In some embodiments, QoS for DAS also facilitatesreestablishing the QoS session/connection/channel/stream if the QoSsession/connection/channel/stream is lost or goes down, using similartechniques to those described herein as would be apparent to one ofordinary skill in the art. At 822, the process is completed. In someembodiments, the QoS provisioning channel is closed when the devicesession is over to, for example, free up various resources.

FIG. 8B illustrates another flow diagram for quality of service (QoS)for device assisted services (DAS) in accordance with some embodiments.In some embodiments, QoS for DAS includes identifying the QoSrequirements (e.g., QoS level or QoS class) for a service activity. At824, the process begins. In some embodiments, the QoS policies areimplemented on the device (e.g., service processor collects/receives anassociated service plan that defines/specifies basic policies for QoS,which can include a QoS activity map, which, for example, maps QoSclasses based on application, service usage, flow type, destination,time of day, network capacity, and/or other criteria/measures, assimilarly described herein). In some embodiments, the QoS rules areimplemented in the form of a verified QoS activity map in accordancewith various embodiments described herein. At 826, the device monitorsdevice activity, such as service/application usage activities. In someembodiments, the device detects the relevant activities based on variousservice usage monitoring techniques described herein. At 828, a QoSrequest is determined, for example, using various techniques describedherein. At 830, a QoS level is determined based on the applicationand/or various device monitored service usage/application activitiesassociated with the QoS request using various techniques describedherein. For example, the QoS level can be determined using the QoSactivity map, which provides a QoS policy defined by a table associatingvarious QoS levels with a variety of activities that include variousdevice monitored service usage/application activities. In someembodiments, the QoS activity map includes QoS level mappings based onone or more of the following: application, destination/source, traffictype, connection type, content type, time of day/day of week, networkcapacity, activity usage, service plan selection, current standing, userclass, device class, home/roaming, network capabilities, and/or othercriteria/measures as similarly described herein. In some embodiments, at832, if the QoS level cannot be determined and/or in order to confirm aQoS level or selection among multiple potential appropriate/approved QoSlevels, the UI presents options for a user to select the QoS level. At834, the QoS request is initiated for the determined QoS level (e.g.,QoS class and/or priorities). At 836, the process is completed.

FIG. 8C illustrates another flow diagram for quality of service (QoS)for device assisted services (DAS) in accordance with some embodiments.In some embodiments, QoS for DAS includes determining whether thenetwork should grant the QoS request for a given device activity. At842, the process begins. At 844, QoS request is determined. At 846, thecommunications device's standing for QoS is determined using varioustechniques described herein (e.g., a service processor in combinationwith a service controller or based on a communication for authorizationof the QoS request sent to the service controller determines whether theQoS request is authorized, which can be based on the service plan,service profile, service policy settings, QoS rules, based on QoS class,current service usage, current billing standing, and/or any othercriteria/measure). If the device is determined to not be eligible forQoS, then at 848, the device User Interface (UI) provides informationconcerning the denial/ineligibility for QoS session(s) (e.g.,denial/ineligibility explanation and/or options for providing for one ormore QoS options, such as a service plan upgrade or payment for acertain/set of/period of time for QoS session(s) access). If the deviceis determined to be eligible for QoS, then at 850, QoS availability isdetermined (e.g., based on network capacity, which may be determined atthe device, via communication with the service controller, viacommunication with the BTS or another network element/function, and/orany combination thereof, using the various techniques described herein).If QoS is determined to not be available, then at 852, the UI providesinformation and/or options concerning the QoS availability (e.g.,unavailability explanation and/or options for providing for one or moreQoS options, such as a service plan upgrade or payment for a certain/setof/period of time for QoS session(s) access). If QoS is determined to beavailable, then at 854, a request for network resources for the QoSsession is sent to one or more network resources (e.g., servicecontroller, BTS, gateway, core/transport network, IPX/GRX networks,and/or other network elements/functions/resources can be querieddirectly and/or a centralized QoS resource/networkfunction/element/database can be queried for determining such networkresources and coordinating such scheduling). At 856, a confirmation ofthe approved QoS session is received to close the loop for the QoS forDAS (e.g., a QoS schedule is received that provides the QoS sessionconfirmation information, such as a scheduled RAB/multi-RAB and/or otherreserved network resource(s) by schedule/other criteria). At 858, a QoSrouter is performed. In some embodiments, the QoS router is performed onthe device (e.g., service processor), on a network element/function(e.g., service controller), and/or in combinations thereof. In someembodiments, the QoS router prioritizes multiple QoS requests across agiven communications device. In some embodiments, the QoS routerprioritizes multiple QoS requests across multiple communications devicesand/or across multiple BTSs. In some embodiments, the QoS routerperforms various QoS class degradation, promotion, and/or otherthrottling related techniques as similarly described herein (e.g., basedon session priority, network capacity, workload balancing, QoS priorityrules, and/or other criteria/measures/rules). At 860, the process iscompleted.

FIG. 9 illustrates another flow diagram for quality of service (QoS) fordevice assisted services (DAS) in accordance with some embodiments. Insome embodiments, QoS for DAS includes QoS session provision for aservice activity. At 902, the process begins. At 904, a new QoS sessionis granted and/or confirmed. At 906, a device service processor (e.g.,policy decision point (PDP) agent, also referred to herein as a policycontrol agent) maps the QoS session grant to a QoS monitoring policy(e.g., based on a service controller provided QoS related policy, basedon a service plan associated with the device, user, device/user group,and/or other criteria/measures, as similarly described herein). At 908,the QoS monitoring policy provides commands/instructions to a policyenforcement point (PEP) (e.g., PEP agent, also referred to herein as apolicy implementation agent) for managing/enforcing the new QoSpriorities/sessions. At 910, the PEP determines whether to allow, block,throttle, and/or queue priority (e.g., and/or otherwise control usingvarious traffic control related techniques) a session based on the QoSmonitoring policy. At 912, the process is completed.

FIG. 10 illustrates another flow diagram for quality of service (QoS)for device assisted services (DAS) in accordance with some embodiments.In some embodiments, Radio Access Bearer (RAB) support is available, andthe following process is performed in accordance with some embodiments.At 1002, the process begins. At 1004, the device service processordetects a QoS request or QoS need (e.g., a QoS API request, a QoSrequest or need/benefit of QoS session based on service usagemonitoring, such as by application and/or another service usagemeasure/activity). At 1006, the service processor and/or the serviceprocessor in communication with the service controller determines if theservice plan allows/supports the requested QoS. If not, then at 1008, aUI event is generated (e.g., notifying the device user that such QoS/QoSlevel/class is not available, and potentially offering a QoS/serviceplan upgrade/purchase for that QoS/QoS level/class). At 1010, theservice processor communicates the QoS request to the service controller(e.g., using a secure service control link or secure communicationchannel, as similarly described herein) to request the QoS level/class.At 1012, the service controller determines whether network resources areavailable using various techniques as described herein. In someembodiments, network capacity is determined using various techniques,such as local device measurements; dedicated local device measurementreports; BTS reports; other network element reports; by assessing, forexample, a combination of one or more of available bandwidth, trafficdelay or latency, available QoS level, variability in availablebandwidth, variability in latency, and/or variability in available QoSlevel; and/or other techniques as described herein. At 1014, the servicecontroller responds to the QoS request (e.g., grants or denies the QoSrequest). In some embodiments, another UI event is generated if the QoSrequest is denied as similarly described herein. At 1016 (assuming theQoS request is granted), the device requests a QoS channel from the BTS.In some embodiments, the request includes a QoS request authorizationcode received from the service controller. In some embodiments, theservice controller provides a notification of the QoS request approvalfor the communications device to the BTS, so that the BTS can verify theapproval of the QoS request. In some embodiments, the BTS confirms thedevice QoS channel request directly with the service controller. Forexample, various other techniques for verifying the QoS channel requestcan also be used as similarly described herein and as would be apparentto one of ordinary skill in the art. In some embodiments, the deviceservice processor and/or service controller provides QoS related reportsinforming the BTS of how many QoS channels (e.g., RABs) to provision andhow many best effort resources to provision based on device demandprojections. At 1018 (assuming the QoS channel request is verified), theQoS session is initiated based on an allocated RAB or multi-RABreservation received from the BTS (e.g., and/or other network elementsas similarly described herein). At 1020, the process is completed.

FIG. 11 illustrates another flow diagram for quality of service (QoS)for device assisted services (DAS) in accordance with some embodiments.In some embodiments, RAB support is not available, and the followingprocess is performed in accordance with some embodiments. At 1102, theprocess begins. At 1104, the device service processor detects a QoSrequest or QoS need (e.g., a QoS API request, a QoS request orneed/benefit of QoS session based on service usage monitoring, such asby application, or other service usage measure/activity). At 1106, theservice processor and/or the service processor in communication with theservice controller determines if the service plan allows/supports therequested QoS. If not, then at 1108, a UI event is generated (e.g.,notifying the device user that such QoS/QoS level/class is notavailable, and potentially offering a QoS/service plan upgrade/purchasefor that QoS/QoS level/class). At 1110, the service processorcommunicates the QoS request to the service controller (e.g., using asecure service control link or secure communication channel, assimilarly described herein) to request the QoS level/class. At 1112, theservice controller determines whether network resources are availableusing various techniques as described herein. In some embodiments,network capacity is determined using various techniques, such as localdevice measurements, BTS reports, other network element reports, and/orother techniques as described herein. In some embodiments, the servicecontroller throttles other devices on the link so that the requested QoSlevel can be achieved (e.g., as RAB support is not available). In someembodiments, the service controller time slots traffic from the deviceend in synchronization with a BTS clock or absolute clock to facilitatethe requested QoS level and to achieve necessary network capacity tosupport/facilitate the requested QoS level (e.g., minimizingjitter/inter-packet delay variation) based on current/forecasted networkcapacity on the link. At 1114, the service controller responds to theQoS request (e.g., grants or denies the QoS request). In someembodiments, another UI event is generated if the QoS request is deniedas similarly described herein. At 1116 (assuming the QoS request isgranted), the device initiates the QoS session. At 1118, the deviceservice processor and/or the device service processor in securecommunication with the service controller monitors and verifies the QoSsession using various monitoring and verification techniques describedherein (e.g., checks CDRs to determine if the QoS channel is properlyimplemented by the device). In some embodiments, a UI event is generatedto notify the device user if there are potential problems with the QoSsession implementation, to periodically inform the user of QoS charging,and/or other events/information related to QoS activities. At 1120, theprocess is completed.

FIG. 12 illustrates a device stack for providing various service usagemeasurement techniques in accordance with some embodiments. FIG. 12illustrates a device stack providing various service usage measurementfrom various points in the networking stack for a service monitor agent(e.g., for monitoring QoS related activities and/or for monitoringnetwork capacity controlled services as described herein), a billingagent, and an access control integrity agent to assist in verifying theservice usage measures, QoS related activities and functions, andbilling reports in accordance with some embodiments. As shown in FIG.12, several service agents take part in data path operations to achievevarious data path improvements, and, for example, several other serviceagents can manage the policy settings for the data path service,implement billing for the data path service, manage one or more modemselection and settings for access network connection, interface with theuser and/or provide service policy implementation verification.Additionally, in some embodiments, several agents perform functions toassist in verifying that the service control or monitoring policiesintended to be in place are properly implemented, the service control ormonitoring policies are being properly adhered to, that the serviceprocessor or one or more service agents are operating properly, toprevent unintended errors in policy implementation or control, and/or toprevent/detect tampering with the service policies or control. As shown,the service measurement points labeled I through VI represent variousservice measurement points for service monitor agent 1696 and/or otheragents to perform various service monitoring activities. Each of thesemeasurement points can have a useful purpose in various embodimentsdescribed herein. For example, each of the traffic measurement pointsthat is employed in a given design can be used by a monitoring agent totrack application layer traffic through the communication stack toassist policy implementation functions, such as the policyimplementation driver/agent 1690 (e.g., policy enforcement pointdriver/agent), or in some embodiments the modem firewall agent 1655 orthe application interface agent, in making a determination regarding thetraffic parameters or type once the traffic is farther down in thecommunication stack where it is sometimes difficult or impossible tomake a complete determination of traffic parameters. The particularlocations for the measurement points provided in these figures areintended as instructional examples, and other measurement points can beused for different embodiments, as will be apparent to one of ordinaryskill in the art in view of the embodiments described herein. Generally,in some embodiments, one or more measurement points within the devicecan be used to assist in service control verification and/or device orservice troubleshooting.

In some embodiments, the service monitor agent and/or other agentsimplement virtual traffic tagging by tracking or tracing packet flowsthrough the various communication stack formatting, processing andencryption steps, and providing the virtual tag information to thevarious agents that monitor, control, shape, throttle or otherwiseobserve, manipulate or modify the traffic. This tagging approach isreferred to herein as virtual tagging, because there is not a literaldata flow, traffic flow or packet tag that is attached to flows orpackets, and the book-keeping to tag the packet is done through trackingor tracing the flow or packet through the stack instead. In someembodiments, the application interface and/or other agents identify atraffic flow, associate it with a service usage activity and cause aliteral tag to be attached to the traffic or packets associated with theactivity. This tagging approach is referred to herein as literaltagging. There are various advantages with both the virtual tagging andthe literal tagging approaches. For example, it can be preferable insome embodiments to reduce the inter-agent communication required totrack or trace a packet through the stack processing by assigning aliteral tag so that each flow or packet has its own activity associationembedded in the data. As another example, it can be preferable in someembodiments to re-use portions of standard communication stack softwareor components, enhancing the verifiable traffic control or servicecontrol capabilities of the standard stack by inserting additionalprocessing steps associated with the various service agents andmonitoring points rather than re-writing the entire stack to correctlyprocess literal tagging information, and in such cases, a virtualtagging scheme may be desired. As yet another example, some standardcommunication stacks provide for unused, unspecified or otherwiseavailable bit fields in a packet frame or flow, and these unused,unspecified or otherwise available bit fields can be used to literallytag traffic without the need to re-write all of the standardcommunication stack software, with only the portions of the stack thatare added to enhance the verifiable traffic control or service controlcapabilities of the standard stack needing to decode and use the literaltagging information encapsulated in the available bit fields. In thecase of literal tagging, in some embodiments, the tags are removed priorto passing the packets or flows to the network or to the applicationsutilizing the stack. In some embodiments, the manner in which thevirtual or literal tagging is implemented can be developed into acommunication standard specification so that various device or serviceproduct developers can independently develop the communication stackand/or service processor hardware and/or software in a manner that iscompatible with the service controller specifications and the productsof other device or service product developers.

It will be appreciated that although the implementation/use of any orall of the measurement points illustrated in FIG. 12 is not required tohave an effective implementation, such as was similarly shown withrespect to various embodiments described herein, various embodiments canbenefit from these and/or similar measurement points. It will also beappreciated that the exact measurement points can be moved to differentlocations in the traffic processing stack, just as the variousembodiments described herein can have the agents affecting policyimplementation moved to different points in the traffic processing stackwhile still maintaining effective operation. In some embodiments, one ormore measurement points are provided deeper in the modem stack where,for example, it is more difficult to circumvent and can be moredifficult to access for tampering purposes if the modem is designed withthe proper software and/or hardware security to protect the integrity ofthe modem stack and measurement point(s).

Referring to FIG. 12, describing the device communications stack fromthe bottom to the top of the stack as shown, the device communicationsstack provides a communication layer for each of the modems of thedevice at the bottom of the device communications stack. Examplemeasurement point VI resides within or just above the modem driverlayer. For example, the modem driver performs modem bus communications,data protocol translations, modem control and configuration to interfacethe networking stack traffic to the modem. As shown, measurement pointVI is common to all modem drivers and modems, and it is advantageous forcertain embodiments to differentiate the traffic or service activitytaking place through one modem from that of one or more of the othermodems. In some embodiments, measurement point VI, or anothermeasurement point, is located over, within or below one or more of theindividual modem drivers. The respective modem buses for each modemreside between example measurement points V and VI. In the next higherlayer, a modem selection & control layer for multimode device basedcommunication is provided. In some embodiments, this layer is controlledby a network decision policy that selects the most desirable networkmodem for some or all of the data traffic, and when the most desirablenetwork is not available the policy reverts to the next most desirablenetwork until a connection is established provided that one of thenetworks is available. In some embodiments, certain network traffic,such as verification, control, redundant or secure traffic, is routed toone of the networks even when some or all of the data traffic is routedto another network. This dual routing capability provides for a varietyof enhanced security, enhanced reliability or enhanced manageabilitydevices, services or applications. In the next higher layer, a modemfirewall is provided. For example, the modem firewall provides fortraditional firewall functions, but unlike traditional firewalls, inorder to rely on the firewall for verifiable service usage control, suchas access control and security protection from unwanted networkingtraffic or applications, the various service verification techniques andagents described herein are added to the firewall function to verifycompliance with service policy and prevent/detect tampering of theservice controls. In some embodiments, the modem firewall is implementedfarther up the stack, possibly in combination with other layers asindicated in other Figures and described herein. In some embodiments, adedicated firewall function or layer is provided that is independent ofthe other processing layers, such as the policy implementation layer,the packet forwarding layer and/or the application layer. In someembodiments, the modem firewall is implemented farther down the stack,such as within the modem drivers, below the modem drivers, or in themodem itself. Example measurement point IV resides between the modemfirewall layer and an IP queuing and routing layer (e.g., QoS IP queuingand routing layer and/or a network capacity controlled services queuingand routing layer). As shown, an IP queuing and routing layer isseparate from the policy implementation layer where the policyimplementation agent implements a portion of the traffic control and/orservice usage control policies. As described herein, in someembodiments, these functions are separated so that a standard networkstack function can be used for QoS IP queuing and routing and/or fornetwork capacity controlled services queuing and routing, and themodifications necessary to implement the policy implementation agentfunctions can be provided in a new layer inserted into the standardstack. In some embodiments, the IP queuing and routing layer is combinedwith the traffic or service usage control layer. For example, a combinedrouting and policy implementation layer embodiment can also be used withthe other embodiments, such as shown in FIG. 12. Measurement point IIIresides between the IP queuing and routing layer and a policyimplementation agent layer. Measurement point II resides between thepolicy implementation agent layer and the transport layer, includingTCP, UDP, and other IP as shown. The session layer resides above thetransport layer, which is shown as a socket assignment and sessionmanagement (e.g., basic TCP setup, TLS/SSL) layer. The network servicesAPI (e.g., HTTP, HTTPS, FTP (File Transfer Protocol), SMTP (Simple MailTransfer Protocol), POP3, DNS) resides above the session layer.Measurement point I resides between the network services API layer andan application layer, shown as application service interface agent inthe device communications stack of FIG. 12.

As shown in FIG. 12, the application service interface layer (e.g., QoSapplication service interface layer and/or network capacity controlledservices interface layer) is above the standard networking stack APIand, in some embodiments, its function is to monitor and in some casesintercept and process the traffic between the applications and thestandard networking stack API. In some embodiments, the applicationservice interface layer identifies application traffic flows before theapplication traffic flows are more difficult or practically impossibleto identify farther down in the stack. In some embodiments, theapplication service interface layer in this way assists applicationlayer tagging in both the virtual and literal tagging cases. In the caseof upstream traffic, the application layer tagging is straight forward,because the traffic originates at the application layer. In somedownstream embodiments, where the traffic or service activityclassification relies on traffic attributes that are readily obtainable,such as source address or URL, application socket address, IPdestination address, time of day or any other readily obtainedparameter, the traffic type can be identified and tagged for processingby the firewall agent or another agent as it initially arrives. In otherembodiments, as described herein, in the downstream case, the solutionis generally more sophisticated when a traffic parameter that is neededto classify the manner in which the traffic flow is to be controlled orthrottled is not readily available at the lower levels of the stack,such as association with an aspect of an application, type of content,something contained within TLS, IPSEC or other secure format, or otherinformation associated with the traffic. Accordingly, in someembodiments the networking stack identifies the traffic flow before itis fully characterized, categorized or associated with a serviceactivity, and then passes the traffic through to the applicationinterface layer where the final classification is completed. In suchembodiments, the application interface layer then communicates thetraffic flow ID with the proper classification so that after an initialshort traffic burst or time period the policy implementation agents canproperly control the traffic. In some embodiments, there is also apolicy for tagging and setting service control policies for traffic thatcannot be fully identified with all sources of tagging includingapplication layer tagging.

As shown in FIG. 12, a service monitor agent, which is also incommunication with the agent communication bus 1630, communicates withvarious layers of the device communications stack. For example, theservice monitor agent, performs monitoring at each of measurement pointsI through VI, receiving information including application information,service usage and other service related information, and assignmentinformation. An access control integrity agent is in communication withthe service monitor agent via the agent communications bus 1630, as alsoshown.

FIG. 13 illustrates another device stack for providing various serviceusage measurement techniques in accordance with some embodiments. FIG.13 illustrates an embodiment similar to FIG. 12 in which some of theservice processor is implemented on the modem and some of the serviceprocessor is implemented on the device application processor inaccordance with some embodiments. In some embodiments, a portion of theservice processor is implemented on the modem (e.g., on modem modulehardware or modem chipset) and a portion of the service processor isimplemented on the device application processor subsystem. It will beapparent to one of ordinary skill in the art that variations of theembodiment depicted in FIG. 13 are possible where more or less of theservice processor functionality is moved onto the modem subsystem oronto the device application processor subsystem. For example, suchembodiments similar to that depicted in FIG. 13 can be motivated by theadvantages of including some or all of the service processor networkcommunication stack processing and/or some or all of the other serviceagent functions on the modem subsystem (e.g., and such an approach canbe applied to one or more modems). For example, the service processorcan be distributed as a standard feature set contained in a modemchipset hardware of software package or modem module hardware orsoftware package, and such a configuration can provide for easieradoption or development by device OEMs, a higher level ofdifferentiation for the chipset or modem module manufacturer, higherlevels of performance or service usage control implementation integrityor security, specification or interoperability standardization, and/orother benefits.

Referring to FIG. 13, describing the device communications stack fromthe bottom to the top of the stack as shown, the device communicationsstack provides a communication layer for modem MAC/PHY layer at thebottom of the device communications stack. Measurement point IV residesabove the modem MAC/PHY layer. The modem firewall layer resides betweenmeasurement points IV and III. In the next higher layer, the policyimplementation agent is provided, in which the policy implementationagent is implemented on the modem (e.g., on modem hardware). Measurementpoint II resides between the policy implementation agent and the modemdriver layer, which is then shown below a modem bus layer. The nexthigher layer is shown as the IP queuing and routing layer, followed bythe transport layer, including TCP, UDP, and other IP as shown. Thesession layer resides above the transport layer, which is shown as asocket assignment and session management (e.g., basic TCP setup,TLS/SSL) layer. The network services API (e.g., HTTP, HTTPS, FTP (FileTransfer Protocol), SMTP (Simple Mail Transfer Protocol), POP3, DNS)resides above the session layer. Measurement point I resides between thenetwork services API layer and an application layer, shown asapplication service interface agent in the device communications stackof FIG. 13.

Additional Embodiments of DAS for Protecting Network Capacity

In some embodiments, DAS for protecting network capacity includesclassifying a service activity as a network capacity controlled serviceand implementing a network capacity controlled services policy. In someembodiments, DAS for protecting network capacity includes deviceassisted/based techniques for classifying a service activity as anetwork capacity controlled service and/or implementing a networkcapacity controlled services policy. In some embodiments, DAS forprotecting network capacity includes network assisted/based techniques(e.g., implemented on a network element/function, such as a servicecontroller, a DPI gateway, a BTS/BTSC, etc., or a combination of networkelements) for classifying a service activity as a network capacitycontrolled service and/or implementing a network capacity controlledservices policy. In some embodiments, DAS for protecting networkcapacity includes providing a network access API or an emulated orvirtual network access API (e.g., such an API can provide network busystate information and/or other criteria/measures and/or provide amechanism for allowing, denying, delaying, and/or otherwise controllingnetwork access). In some embodiments, DAS for protecting networkcapacity includes implementing a service plan that includes a networkcapacity controlled services policy (e.g., for differential networkaccess control and/or differential charging for network capacitycontrolled services, which can also be based on a network busy stateand/or other criteria/measures).

In some embodiments, DAS for protecting network capacity techniques alsoprovide improved user privacy and facilitate network neutralityrequirements. In contrast, network based techniques (e.g., DPI basedtechniques) can give rise to user privacy and network neutralityconcerns and problems as discussed above. In some embodiments, DAS forprotecting network capacity techniques include allowing a user tospecify (e.g., permit or not permit) whether the network is aware of theuser's Internet behavior (e.g., using UI input). In some embodiments,DAS for protecting network capacity techniques include allowing a userto select how they want their traffic usage and service plan costs to bemanaged.

FIG. 14 illustrates a flow diagram for device assisted services (DAS)for protecting network capacity in accordance with some embodiments. At1402, the process begins. At 1404, monitoring a network service usageactivity of a device in network communication (e.g., wireless networkcommunication) is performed. At 1406, whether the monitored networkservice usage activity is a network capacity controlled service isdetermined. At 1408 (the monitored network service usage activity wasdetermined not to be a network capacity controlled service), the networkservice usage activity is not classified for differential network accesscontrol. At 1410, (the monitored network service usage activity wasdetermined to be a network capacity controlled service), the networkservice usage activity is classified (e.g., into one or more networkcapacity controlled services) for differential network access controlfor protecting network capacity. In some embodiments, classifying thenetwork service usage activity includes classifying the network serviceusage activity into one or more of a plurality of classificationcategories for differential network access control for protectingnetwork capacity (e.g., one or more network capacity controlled serviceclassifications and/or a priority state classification, such as abackground services classification and/or a background priority stateclassification). At 1412, associating the network service usage activitywith a network capacity controlled services control policy based on aclassification of the network service usage activity to facilitatedifferential network access control for protecting network capacity isperformed. At 1414, implementing differential network access control forprotecting network capacity by implementing different traffic controlsfor all or some of the network service usage activities (e.g., based ona network busy state or another criteria/measure) is performed. At 1416,the process is completed.

FIG. 15 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments. At 1502, the process begins. At 1504, monitoring networkservice usage activities of a device in network communication isperformed. At 1506, monitored network service usage activity of thedevice is reported (e.g., to a network element/function). At 1508, astatistical analysis of a reported network service usage activitiesacross a plurality of devices is performed (e.g., by a networkelement/function). At 1510, the device receives a network service usageactivity classification list (e.g., a network capacity controlledservices list, which can be generated, for example, based on themonitored network service usage activities and the statistical analysisas well as other criteria/measures, including, for example, a serviceplan and/or a network busy state) from the network element. At 1512,implementing differential network access control based on the networkservice usage activity classification list for protecting networkcapacity is performed. At 1514, the process is completed. In someembodiments, DAS for protecting network capacity further includesassociating the network service usage activity with a network serviceusage control policy (e.g., a network capacity controlled servicespolicy) based on a classification of the network service usage activityto facilitate differential network access control for protecting networkcapacity. In some embodiments, DAS for protecting network capacityfurther includes differentially controlling the network service usageactivity (e.g., network capacity controlled service) based on theservice usage activity classification list.

FIG. 16 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments. At 1622, the process begins. At 1624, a first report ofnetwork service usage activity of a first device is received (e.g., at anetwork element/function) from the first device. At 1626, a secondreport of network service usage activity of a second device (e.g., at anetwork element/function) from the second device is received. At 1628, astatistical analysis of a plurality of reported service usage activitiesacross a plurality of devices, including the first device and the seconddevice, is performed (e.g., by a network element/function). At 1630, anetwork service usage activity classification list (e.g., a networkcapacity controlled services classification list) is sent to the firstdevice (e.g., from a network element/function) for classifying networkservice usage activities (e.g., network capacity controlled services)based on the network service usage activity classification list fordifferential network access control for protecting network capacity. At1632, a network service usage activity classification list is sent tothe second device (e.g., from a network element/function) forclassifying network service usage activities based on the networkservice usage activity classification list for differential networkaccess control for protecting network capacity. At 1634, the process iscompleted. In some embodiments, DAS for protecting network capacityfurther includes associating the network service usage activity with aservice usage control policy (e.g., a network capacity controlledservices policy) based on a classification of the network service usageactivity to facilitate differential network access control forprotecting network capacity. In some embodiments, DAS for protectingnetwork capacity further includes differentially controlling the networkservice usage activity (e.g., network capacity controlled service) basedon the service usage activity classification list (e.g., networkcapacity controlled services classification list). In some embodiments,classifying network service usage activities is based on which networkto which the device is connected. In some embodiments, the networkservice usage control policy is based on which network to which thedevice is connected.

FIG. 17 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments. At 1702, the process begins. At 1704, monitoring a networkservice usage activity of a plurality of devices in networkcommunication using network based techniques is performed. At 1706, astatistical analysis of monitored network service usage activitiesacross the plurality of devices is performed. At 1708, a network serviceusage activity classification list (e.g., a network capacity controlledservices classification list) is sent to each of the plurality ofdevices for classifying network service usage activities (e.g., networkcapacity controlled services) based on the service usage activityclassification list for differential network access control forprotecting network capacity. At 1710, the process is completed.

FIG. 18 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments. At 1802, the process begins. At 1804, monitoring networkservice usage activities of a device in network communication isperformed. At 1806, associating a network service usage activity (e.g.,a network capacity controlled service) with a service usage controlpolicy (e.g., a network capacity controlled services policy) based on aclassification of the network service usage activity (e.g., a networkcapacity controlled services classification list) for differentialnetwork access control for protecting network capacity is performed. At1808, a user notification based on the service usage control policy isgenerated. At 1810, the process is completed.

In some embodiments, the service usage control policy includes a serviceusage notification policy. In some embodiments, the user notificationincludes one or more of the following: a notification that theapplication to be downloaded and/or launched is a network capacitycontrolled service; a list of one or more service activities (e.g.,applications, OS/other software functions/utilities, and/or otherfunctions/utilities as described herein) that have a network capacitycontrolled services classification; type of service policy in effect forone or more network capacity controlled services; notification that aservice activity belongs to a network capacity controlled servicesclass; notification that a service activity that is classified asnetwork capacity controlled service can have the service class changed;notification that if the service class is changed for a service activitythe service charges will change; notification that one or more networksare available (e.g., one or more alternative networks and/or networkbusy state information and/or charging information and/or incentivesassociated with such networks), a service plan upgrade/downgradeoffer/option; and an offer for a service plan that rewards a user thatresponds to the notification a service plan is lower cost/discounted forresponding to notification to use or not to use service activity basedon usage level warning notification. In some embodiments, the usernotification includes a user preference selection, including one or moreof the following: a provision to associate an access policy control withthe application (e.g., allow/block, notify of usage, notify of usage ata given threshold, traffic control settings, allow during certain times,allow when network not busy, and/or other policy controls as describedherein), an over-ride option for selecting the service usage controlpolicy; a modify option to select the service usage control policy; aselect option to select a new service plan (e.g., an option to reviewand select alternative/new service plan upgrade/downgrade options), andan acknowledgement request (e.g., to confirm/acknowledge receipt of thenotification, in which the acknowledgement can be transmitted to anetwork element/function and/or stored locally for laterreference/transmission).

In some embodiments, before a given device application, process,function, OS service or other service activity is allowed to start, theintention to start is intercepted by a launch manager, the backgroundservice policy set or the network protection service policy set for theservice activity is retrieved, and any necessary user notification orservice launch control policies are implemented prior to allowing theservice activity to launch. In such embodiments, a launch interceptmanager may be used to implement this functionality. In someembodiments, this launch intercept manager is provided with a listidentifying the service activities (e.g. application identifiers, OSfunction identifiers, aggregate service activity identifiers, and/orcomponent service activity identifiers) that have a launch controlpolicy in effect. In some embodiments, the list of launch controlpolicies includes blocking or delaying launch of the one or more serviceactivities. In some embodiments, the launch control policy includes auser notification before, during or after the service activity islaunched. In some embodiments, the user is informed that a serviceactivity that has a background service control policy in effect or anetwork protection service control policy in effect is attempting tolaunch, is about to launch or has launched. In a further set ofembodiments, the launch is held up until the user is notified and isallowed to decide if they would like to launch the service activity. Insome embodiments, the user notification includes a message that theservice activity attempting to launch consumes a large amount of serviceusage and asks the user if they would like to continue (e.g. “Thisapplication consumes a large amount of data, would you like tocontinue?”, “This application consumes data even when you are not usingit, would you like to continue?” “This application consumes data whileyou are roaming which adds cost to your usage bill, would you like tocontinue?”, etc). In some embodiments, the decision on whether or not tolaunch a service activity is pre-programmed into the list identifyingthe service activities (e.g. application identifiers, OS functionidentifiers, aggregate service activity identifiers, and/or componentservice activity identifiers) that have a launch control policy ineffect. In some embodiments a portion of the list is pre-programmed bythe user in accordance with user preference for controlling usage ofservice activities. In some embodiments, a portion of the list ispre-programmed by a network element (e.g. a service controller) inaccordance with network background service or network protection servicepolicies specified by a service policy design management system operatedby a service provider as described herein. In some embodiments, thepolicy implementation defined by the list identifying the serviceactivities (e.g. application identifiers, OS function identifiers,aggregate service activity identifiers, and/or component serviceactivity identifiers) that have a launch control policy in effect isverified to ensure that the user or malicious software has not defeatedthe policy enforcement specified in the list. In some embodiments thelist identifying the service activities that have a launch controlpolicy in effect includes launch policies that are a function of one ormore of: background service state, network busy state (or performancestate or QoS state), type of network the device is connected to, home orroaming connection, time of day or day of week.

In some embodiments, the various design techniques described herein thatallow for intercepting a service activity intention to launch, andapplying a background service policy set or a network protection servicepolicy set can be designed into the OS itself. For example, theintercept and policy implementation functions can be designed into theactivity manager, broadcast intent manger, media service manager,service manager, or other application or service activity managementfunction in the Android OS. One of ordinary skill in the art willrecognize that similarly, the various design techniques described hereinthat allow for intercepting a service activity intention to launch, andapplying a background service policy set or a network protection servicepolicy set can be designed into application launch management functionsin the iPhone OS, windows mobile OS, windows PC OS, Blackberry OS, PalmOS, and other OS designs.

In some embodiments, the pre-launch user notification informationindicates one or more of: typical service usage or cost, or projectedservice usage or cost for the service activity attempting to launch. Insome embodiments, the user sets limitations on access for one or moreservice activities and once this limit is hit then when the serviceactivities with exceeded limits attempt to launch the user is notified.In some embodiments, the user chooses from a set of service restrictionsrather than simply blocking or allowing service activity launch, withexample service restrictions including but not limited to: apre-configured set of restriction policies to chose from (e.g. fullaccess, limited access, highly restricted access or block access),block, throttle, delay, aggregate and hold, limit amount of usage perunit time, cap usage, set limit for additional notification, specifytype of network, specify busy state (performance, QoS) or backgroundstate, or choose from pre-configured settings options.

In some embodiments, the user notification occurs after the userattempts to download or load an application onto the device (e.g., anapplication downloaded from the web or an online application store for asmart phone or other wireless/network computing device, such as an AppleiPhone or iPad, or Google Android/Chrome based device). In someembodiments, the user notification occurs after the user attempts to runthe service activity or to initiate usage of a cloud basedservice/application (e.g., Google or Microsoft cloud service basedapps). In some embodiments, the user notification occurs after one ormore of the following: the service usage activity hits a usage thresholdevent, the service usage activity attempts a network service usage thatsatisfies a pre-condition, an update to a network capacity protectionservice activity classification list or policy set, and a networkmessage is sent to the device triggering the notification. In someembodiments, the user notification provides information on the serviceusage activity that is possible, typical, or likely for the serviceusage activity. In some embodiments, the user notification includes auser option for obtaining more information about the service usage ofthe service activity (e.g., a message that the service usage activitymay result in a high service usage and/or that the service usageactivity may or will result in a high service usage as compared in someway to a limit of the current service plan) to make informed userpreference settings.

In some embodiments, a user notification includes displaying (e.g., andas applicable, allowing users to provide UI input) one or more of thefollowing: current and/or past/historical/logged network service usageactivity list, current and/or past/historical/logged network capacitycontrolled service usage activities, current activity policy settings,current or available networks, service plan options (e.g., for how totreat one or more network capacity controlled service traffic types),selection option(s) to assign a network capacity controlled serviceactivity into a different priority traffic control and/or chargingbuckets, network service usage by activity (e.g., network capacitycontrolled services and other services), network busy state (e.g., andwith resulting policies in force), service activity policy setting vs.busy state and time/day/week, network service activity priority, networkservice activity usage statistics (e.g., vs. network busy state and/ornetwork service usage control policy state).

In some embodiments, a UI notification is displayed when user attempts anetwork capacity controlled service activity during a network busy state(e.g., that modifies a network capacity controlled services policy). Insome embodiments, the UI notification includes information on serviceplan choice and a network capacity controlled services policy over-rideoption (e.g., one time, time window, usage amount, permanent byactivity, and/or all), charging information based on a user selection,and/or service plan upgrade information and options.

In some embodiments, a UI notification is displayed for user input forpreferences/configurations for multiple networks (e.g., WiFi, 4G, 3G,and/or other wired or wireless access networks) including chargingpolicy. In some embodiments, a UI notification is displayed when aspecified network traffic service usage activity (e.g., based on networkcapacity controlled services classification, QoS classification,priority classification, time based criteria, network capacity, serviceplan, charging criteria, and/or other criteria/measures) is beingattempted or is occurring and providing options (e.g., allow, block,delay, throttle, and/or other options).

In some embodiments, a UI fuel gauge is displayed (e.g., to depictcurrent and/or historical network service usage, for example, relativeto a service plan for the device, by network, relative to network busystate, time based criteria, and/or other criteria/measures). In someembodiments, a user notification includes a communication sent to theuser (e.g., an email, SMS or other text message, voice message/call,and/or other electronic form of communication). In some embodiments, thecommunication sent to the user includes network service usageinformation, network capacity controlled service usage relatedinformation, and/or an instruction to log into a web page or send acommunication for more information (e.g. regarding an information updateand/or alert or warning message, such as related to network serviceusage and/or charging for network service usage).

In some embodiments, a notification (e.g., a user or network servicecloud notification) is generated based on an aggregate service activityreports usage (e.g., allows network provider to generate usernotifications and/or to notify application provider/service activityprovider). In some embodiments, a notification (e.g., a user or networkservice cloud notification) is generated based on a publishing of anupdated/new network capacity controlled services list based on anaggregate monitored activity (e.g., based on a service plan, velocity,sockets opening frequency/rate (e.g., messaging layer behavior), totaldata usage, peak busy time usage to formulate or update black list formonitoring, notifying, and/or controlling, which can be applied to one,multiple, group, or all devices). In some embodiments, a notification(e.g., a user or network service cloud notification) is generated basedon data usage trends for particular device relative to an associatedservice plan and/or other comparable devices or data usagethresholds/statistical based data usage measures.

In some embodiments an application is actually composed of severalcomponent applications, processes or functions. Examples of this includebut are not limited to: the components of a Java application JAR file;applications that use OS functions; applications that use a proxyservice function; applications, functions or processes that coordinatewith one another to implement a composite process, function orapplication; and OS process functions that support an application oroverall OS function. In such embodiments it is important to be able tocategorize all applications, functions and processes on a device thatcontribute to the service usage of a service activity so that theservice activity can be monitored for service usage, have the serviceusage accounted for, implement the appropriate user notification whenone or more service activity components attempts to start or use thenetwork, implement the appropriate user notification when one or moreservice activity components reaches a pre-determined service usage levelthat requires user notification, and implement the appropriatebackground service or network protection service usage controls asspecified herein ((including but not limited to for example: blocknetwork access, restrict network access, throttle network access, delaynetwork access, aggregate and hold network access, select for time ofday network access restrictions, select network type restrictions,select roaming network access restrictions, select service usagerestrictions such as a usage limit, select service cost restrictionssuch as a cost limit or otherwise place on another form of backgroundservice status or network usage restriction as described herein). In thecase of service activity components that belong exclusively to oneaggregate service activity (e.g. an application, application JAR file orOS function), this may be accomplished by including each of thecomponent service activities on a list that identifies the serviceactivity components that belong to the aggregate service activity, andthen monitoring, possibly controlling and providing user notificationsbased on the aggregate or component behavior of each service activity inaccordance with the policies specified for the aggregate serviceactivity. For example, it is necessary to group all application launchbehavior and/or network access behavior under the monitoring, launch,notification, accounting and background service controls or networkprotection service controls (or other background or network protectionservice policies as specified herein) in accordance with the backgroundservice or network protection service policies for the aggregateapplication that the JAR file supports. As another example, if an OSnetwork synch or update function utilizes various software components orprocesses to implement the network synch or update function, then eachof the software components or process must be monitored and aggregatedunder the background service policies or network protection servicepolicies for the aggregate OS synch or update function.

In some embodiments, this ability to group usage for a related set ofservice activity components dedicated to an aggregate service activityas described herein is used to improve usage reporting of serviceactivities to a service controller for the purpose of statisticallyidentifying service activities that are candidates for backgroundservice policy controls or network protections service policy controls.

In some cases, multiple applications, processes, functions, OS servicesor other service activities can utilize a common set of componentsoftware applications, processes, functions or OS services. In suchcases, in order to implement background service policies and/or networkprotection service policies for service activity monitoring andaccounting, service activity launch control, user notification, ornetwork access control as described herein, it is necessary to associatethe specific network access data or information flows to and from thecommon component software applications, processes or functions thatbelong to the specific initiating application, process, function orother service activity that is to be managed according to a backgroundservice or network protection service policy set. In what follows, aspecific set of examples are provided on how to map common componentservice activity for a set of common OS functions referred to as proxyservice functions to a specific application, process, function, OSservice or other service activity for the purpose of implementing abackground service policy set or a network protection service policy setas described herein. Once these examples are reviewed, it will beobvious to one of ordinary skill in the art how to apply similar mappingof service activity for a common set of components to a service activitythat is to be managed in accordance with a background service policy setor a network protection service policy set as described herein.

In some embodiments, this ability to group usage for a common set ofservice activity components as described herein is used to improve usagereporting of service activities to a service controller for the purposeof statistically identifying service activities that are candidates forbackground service policy controls or network protections service policycontrols.

In some embodiments, a proxy network service manager refers to anintermediary data flow function in a device operating system that sitson a data path between a device application and a device networkingstack interface to provide a level of network service abstraction fromthe network stack interface, a higher level service function above thenetwork stack interface, enhanced or special traffic processingfunctions, media service transfer management, file download service,HTTP proxy service functions, QoS differentiation, or other similar orrelated higher level traffic processing. Example Proxy Service Managersinclude the following: media service manager (e.g. android media servicelibrary function), email service manger, DNS function, software downloadservice manager, media download manager (e.g. audio player, streamingmedia player, movie downloader, media service OS function, etc), datadownload service manager, Android “media” library function, Android.netlibrary function, Jave.net library function, Apache library function,other similar software/library functions or services in other deviceoperating systems, SMTP/IMAP/POP proxy, HTTP proxy, IM proxy, VPNservice manager, SSL proxy, etc. Herein these alternative network accessdata flows that are initiated by an application are termed applicationproxy service flows. In such embodiments an app can sometimes simplyrequests a network access service activity from an OS component such asa proxy service component rather then directly accessing the network. Insuch embodiments, in order to implement background service controls oruser notification of application service usage, it is necessary tomonitor the application proxy service flows, classify them as beinginitiated by or belonging to a particular application or serviceactivity, and implement the proper background service classifications,user notifications, application process launch intercept, backgroundservice accounting, and background service usage restrictions asdescribed herein in accordance with the policies intended for theinitiating application or service activity. This is accomplished byinserting service usage monitors that allow a mapping of (i) theinitiating application identifier (e.g. app name, app fingerprint,application identification tag, application process number, applicationcredential, or other secure or non-secure application or processidentifier) to (ii) the request to the proxy service and subsequently to(iii) the network service flows between the proxy service and thenetwork elements that service the information communications. Once thismapping is accomplished, the service usage flows of the proxy servicecan then be accounted back to the initiating application, devicesoftware process or other service activity, the proper policies can thenbe applied to each service usage flow for user notification, serviceactivity launch control, service activity background accounting(including variable charge rating dependent on background service stateand/or sponsored service charging), service activity background servicecontrols or network usage restrictions as described herein (includingbut not limited to for example: block network access, restrict networkaccess, throttle network access, delay network access, aggregate andhold network access, select for time of day network access restrictions,select network type restrictions, select roaming network accessrestrictions, select service usage restrictions such as a usage limit,select service cost restrictions such as a cost limit or otherwise placeon another form of background service status or network usagerestriction as described herein).

In some embodiments, this ability to track service usage for an serviceactivity through a proxy service as described herein is used to improveusage reporting of service activities to a service controller for thepurpose of statistically identifying service activities that arecandidates for background service policy controls or network protectionsservice policy controls.

In some embodiments, the various design techniques described herein thatallow for monitoring, accounting for and/or implementing service policyfor component service activities that belong to an aggregate serviceactivity can be designed into the OS itself. For example, in certaincurrent mobile OS implementations (e.g. Android, iPhone, Blackberry,etc) there are some applications available in the market that allow auser to get an estimate for how much data a certain subset ofapplications are consuming on a wireless service provider network, butit is not possible for the user or application to get an indication ofthe service usage for certain OS functions, whereas the embodimentsdisclosed herein will allow for this. As another example, in certaincurrent mobile OS implementations it is not possible to associate proxyservice usage (e.g. media download and media streaming proxy librarysoftware functions) with the specific applications that use the proxyservice, so while the user can be informed of generic common OSfunctions or proxy services (e.g. in the case of Android: “mediaservice”, “media”, “gallery”, “google service framework” and othergeneric common OS software library functions or proxy services), thereis no way for the user to determine what applications widgets or otherservice activities are actually generating this common service functionusage, whereas the invention described herein permits the user fullvisibility on such usage monitoring examples. Furthermore, if the OS isretrofitted with the intercept and policy implementation functions canbe designed into the activity manager, broadcast intent manger, mediaservice manager, service manager, or other application or serviceactivity management function in the Android OS. One or ordinary skill inthe art will recognize that similarly, the various design techniquesdescribed herein that allow for intercepting a service activityintention to launch, and applying a background service policy set or anetwork protection service policy set can be designed into applicationlaunch management functions in the iPhone OS, windows mobile OS, windowsPC OS, Blackberry OS, Palm OS, and other OS designs.

FIG. 19 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments. At 1902, the process begins. At 1904, determining a networkbusy state of one or more networks is performed. In some embodiments,the one or more networks are selected from an access network, a wirednetwork, and a wireless network. At 1906, classifying a network serviceusage activity (e.g., a network capacity controlled service) of a devicebased on the network busy state determination is performed to facilitatedifferential network access control for protecting network capacity ofthe one or more networks. In some embodiments, the network busy state isbased on one or more of the following: network performance, networkcongestion, network availability, network resource availability, networkcapacity, or any other network service usage measure, and one or moretime windows (e.g., time based criteria). In some embodiments,protecting network capacity of the one or more networks includesprotecting network capacity of a last edge segment of a wireless network(e.g., RAN, BTS, BTSC, and/or other network elements). In someembodiments, the determining and classifying are performed using deviceassisted/based techniques. In some embodiments, the determining andclassifying are performed using network assisted/based techniques (e.g.,implemented on a network element/function, such as a service controller,a DPI gateway, a BTS/BTSC, etc., or a combination of network elements).In some embodiments, the determining and classifying are performed usinga combination of device assisted/based techniques and networkassisted/based techniques. At 1908, implementing differential trafficcontrols is performed based on the service usage activity classificationfor protecting network capacity is performed. At 1910, the process iscompleted. In some embodiments, a network busy state is determined basedon one or more of the following: a time of day, a network reported busystate, and/or a device (e.g., near-end and/or far-end)determined/reported network busy state. In some embodiments, a networkbusy state is determined using one or more of the following: a networkprobe, a device query, a network probe report (e.g., including a BTSand/or BTSC), a network probe analysis, a device analysis based onperformance of native traffic without probe such as TCP timeout, UDPretransmissions, a multiple network test, a device monitored networkcongestion based on network service usage activity (e.g., applicationbased network access performance data) performed for a network to whichthe device is connected and/or one or more alternative networks. In someembodiments, a network congestion state is associated with a networkbusy state (e.g. a network busy state setting/level). For example, anetwork congestion level of 40% of network usage can be associated witha network busy state setting of 4, a network congestion level of 80% ofnetwork usage can be associated with a network busy state setting of 8,and so forth.

FIG. 20 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments. At 2002, the process begins. At 2004, monitoring a networkservice usage activity of a device in network communication isperformed. At 2006, classifying the network service usage activity(e.g., based on a classification of the network service usage activityfor protecting network capacity, for example, as a network capacitycontrolled service) for protecting network capacity is performed. At2008, accounting for network capacity controlled services (e.g.,accounting for the network service usage activity based on aclassification of the network service usage activity for protectingnetwork capacity) is performed. At 2010, charging for network capacitycontrolled services is performed. At 2012, the process is completed. Insome embodiments, DAS for protecting network capacity further includesclassifying the network service usage activity as a network capacitycontrolled service. In some embodiments, DAS for protecting networkcapacity includes differentially accounting and/or differentiallycharging for network capacity controlled services and foregroundservices. In some embodiments, the network service usage control policyincludes policies for differentially controlling, accounting, and/orcharging for network capacity controlled services (e.g., based on anetwork busy state, a time based criteria, a service plan, network towhich the device or network service usage activity is gaining accessfrom, and/or other criteria/measures). In some embodiments, accountingfor network capacity controlled services includes differentiallycollecting service usage for one or more network capacity controlledservice classes in which the accounting is modified/varies (e.g.,dynamically) based on one or more of the following: network busy state(e.g., modify/credit accounting during network congestion not satisfyingthe user preference), network service activity, access network (e.g.,the network to which the device/service activity is currentlyconnected), user preference selection, time based criteria (e.g.,current time of day/day of week/month), associated service plan, optionto time window. In some embodiments, charging for network capacitycontrolled services includes mapping an accounting to a charging report.In some embodiments, charging for network capacity controlled servicesincludes sending the charging report to a network element (e.g., aservice controller, a service cloud, a billing interface/server, and/oranother network element/function). In some embodiments, charging fornetwork capacity controlled services includes mediating or arbitratingCDRs/IPDRs for network capacity controlled service(s) vs. other networkservice usage activities or bulk network service usage activities. Insome embodiments, charging for network capacity controlled servicesincludes converting a charging report to a billing record or billingaction. In some embodiments, charging for network capacity controlledservices includes generating a user notification of network capacitycontrolled service charges upon request or based a criteria/measure(e.g., a threshold charging level and/or a threshold network serviceusage level). In some embodiments, charging for network capacitycontrolled services includes charge by application based on a chargingpolicy (e.g., bill by application according to billing policy rules,such as for billing to a user or to a sponsored service provider,carrier, and/or other entity).

FIG. 21 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments. In some embodiments, DAS for protecting network capacityincludes providing a device service access API that provides aninterface for applications, OS functions, and/or other service usageactivities to a network access connection (e.g., or stack) for providingdifferential network access for protecting network capacity. In someembodiments, the differential network access is determined by one ormore of the following: a service priority of the service usage activityand a network busy state. At 2102, the process begins. At 2104, a deviceservice access API request is received. At 2106, the device serviceaccess API request is responded to. In some embodiments, thedifferential network access (e.g., for network capacity controlledservices and/or based on network busy state and/or othercriteria/measures) is implemented by one or more of the following:providing network busy state information to the service usage activity,receiving network busy state information, receiving network capacitydemands for the service usage activity, receiving a scheduled time/timeslot demand from the service usage activity, receiving and/or providingnetwork location and/or physical location information (e.g., basestation, communication channel, cell sector, roaming or non-roamingnetwork to which the device is connected, and/or GPS or other physicallocation data), providing information to the service usage activityinforming it when it is allowed to access the network, providinginformation to the service usage activity informing it what trafficcontrols must be applied/implemented, providing information to theservice usage activity informing it when the network is available to itfor access, and providing information to the service usage activity ofits scheduled access time/time slot (e.g., based on one or more of thefollowing: priority, network busy state, and time of day) (e.g., with aspecified performance level or service level, such as data transfersize, speed, network capacity controlled service priority level, QoSlevel, data transfer type, scheduling time(s), and/or network connectionparameters), and instructing the device and/or service usage activity totransition to a different state (e.g., power save state, sleep statedormant, idle, wait state, and/or an awake state). At 2108, differentialnetwork access is implemented. At 2110, the process is completed. Insome embodiments, the device service access API is a programmaticinterface, a virtual interface, and/or an emulated interface thatprovides instructions for differential access to a network to protectnetwork capacity, as described herein.

In some embodiments, the API is served or located on the device, on anetwork element (e.g., using a secure communication between the deviceand the network element for the API communication, such as HTTPS, TLS,SSL, an encrypted data connection or SS7 control channel, and/or otherwell known secure communication techniques), and/or both/partly in both.In some embodiments, a network based API is an API that facilitates anAPI or other interface communication (e.g. secure communication asdiscussed above) between an application executing on the device and anetwork element and/or service cloud for protecting network capacity.For example, a network API can provide an interface for an applicationto communicate with a service cloud (e.g., network server) for obtainingnetwork access control information (e.g., network busy state, multiplenetwork information based on available networks and/or network busystate information of available networks, network capacity controlledservice priorities and availability, scheduled time/time slots fornetwork access based on network busy state, service plan, networkcapacity controlled service, and/or other criteria/measures). As anotherexample, a network API can facilitate an application provider, centralnetwork/service provider, and/or a third party with access tocommunicate with the application to provide and/or request information(e.g., physical location of the application, network location of theapplication, network service usage information for the application,network busy state information provided to the application, and/or othercriteria/measures). As yet another example, a network API can facilitatea broadcast to one or more applications, OS functions, and/or devices(e.g., partitioned based on geography, network, application, OSfunction, and/or any other criteria/measure) with network capacityrelated information (e.g., network busy state, availability based onnetwork capacity controlled service classification and/or prioritylevel, scheduled time/time slots for certain network capacity controlledservice classification and/or priority level, emergency/high prioritysoftware/antimalware/vulnerability update and scheduled time/time slotsfor such software updates, and/or other criteria/measures). In someembodiments, the network access API for protecting network capacity isan open API or standard/required API (e.g., required or standardized forapplications for a certain network service provider, such as to beprovided via the Verizon application store or the Apple AppStore)published for application and OS developers so that the applications andOS functions are designed to understand and implement the network accessAPI for protecting network capacity. For example, a certificationprogram can be established to provide application and OS developers withtest specifications, working implementations, and/or criteria to makesure the network access API is properly implemented and is functioningin accordance with the specified requirements. In some embodiments, thenetwork access API is an interface for communication with a servicecontroller (e.g., service controller 122) or another networkelement/function (e.g., a service usage API for communication with aservice usage server or billing interface/server or another networkelement/function that facilitates a secure communication forsending/receiving or otherwise communicating network access relatedinformation for protecting network capacity). In some embodiments, thenetwork API provides for sponsored billing (e.g., reverse billing) ofall, classified, and/or a subset of network service usage charges to asponsored partner associated with the network service usage activity(e.g., application) that accesses the network API. In some embodiments,the network API provides for a sponsored service in which the networkservice usage activity (e.g., application) that accesses the network APIprovides a sponsored service partner credential to the network API, thecredential is used as a billing mechanism to charge the sponsoredpartner, the user account is mediated to remove the sponsored partnercharge, and the network API provides access service and/or informationservice (e.g., location information, local information, contentinformation, network information, and/or any other information).

FIG. 22 illustrates another flow diagram for device assisted services(DAS) for protecting network capacity in accordance with someembodiments. At 2202, the process begins. At 2204, network service usageactivities of a device are monitored (e.g., using a verified/verifiableservice processor). At 2206, a network busy state (e.g., a measure ofnetwork capacity, availability, and/or performance) is determined basedon the monitored network service usage activities (e.g., using varioustechniques as described herein). In some embodiments, a serviceprocessor on the device is used to determine (e.g., measure and/orcharacterize) a network busy state experienced by the device (e.g.,which can be used to determine the network access control policy for oneor more network capacity controlled services). At 2208, a network busystate report is sent to a network element/function (e.g., a servicecontroller and/or another network element/function as described herein).At 2210, the process is completed. In some embodiments, the serviceprocessor is verified using various techniques described herein. In someembodiments, the network busy state report includes one or more of thefollowing: data rate, latency, jitter, bit error rate, packet errorrate, number of access attempts, number of access successes, number ofaccess failures, QoS level availability, QoS level performance, andvariability in any of the preceding parameters. In some embodiments, thenetwork busy state report includes one or more of the following: basestation ID, cell sector ID, CDMA ID, FDMA channel ID, TDMA channel ID,GPS location, and/or physical location to identify the edge networkelement that is associated with the network busy state report to anetwork element. In some embodiments, the monitoring of network serviceusage activities includes measuring the network performance for trafficthe device is transmitting/receiving and/or generating networkperformance testing traffic. In some embodiments, the network busy stateis collected (e.g., and/or used to assist, supplement, and/or verifydevice based network busy state measures) by one or more networkelements that can measure and/or report network busy state (e.g., BTS,BTSC, base station monitor, and/or airwave monitor). For example,airwave monitors and/or base station monitors can be provided tofacilitate a reliable characterization of network busy state in acoverage area of one or more base stations and/or base station sectors,such as affixed mobile terminals (e.g., trusted terminals that caninclude additional network busy state monitoring and/or reportingfunctionality) installed (e.g., temporarily or permanently) in thecoverage area of one or more base stations and/or base station sectors(e.g., in which a sector is the combination of a directional antenna anda frequency channel) so that the affixed mobile terminals performnetwork busy state monitoring and reporting to the service controller,the local base station, and/or other network element(s)/function(s) assimilarly described herein. In some embodiments, the permanently affixedmobile terminals provide network monitors for reporting, for example,network busy state, to a central network element, such as the servicecontroller, which can, for example, aggregate such network busy stateinformation to determine network busy state for one or more networkcoverage areas. In some embodiments, the permanently affixed mobileterminals are always present in these locations where installed andalways on (e.g., performing network monitoring), and can be trusted(e.g., the permanently affixed mobile terminals can be loaded withvarious hardware and/or software credentials). For example, using thepermanently affixed mobile terminals, a reliable characterization ofnetwork busy state can be provided, which can then be reported to acentral network element and aggregated for performing various networkbusy state related techniques as described herein with respect tovarious embodiments. In some embodiments, the network element/functionuses the network busy state report (e.g., and other network busy statereports from other devices connected to the same network edge element)to determine the network busy state for a network edge element connectedto the device. In some embodiments, network element/function sends abusy state report for the network edge element to the device (e.g., andto other devices connected to the same network edge element), which thedevice can then use to implement differential network access controlpolicies (e.g., for network capacity controlled services) based on thenetwork busy state. In some embodiments, a network busy state isprovided by a network element (e.g., service controller or servicecloud) and broadcast to the device (e.g., securely communicated to theservice processor).

FIG. 23 illustrates a network capacity controlled services prioritylevel chart for device assisted services (DAS) for protecting networkcapacity in accordance with some embodiments. In some embodiments,various applications, OS functions, and/or other utilities/toolsinstalled/loaded onto and/or launched/executing/active on acommunications device (e.g., device 100) are classified as networkcapacity controlled services for protecting network capacity. In someembodiments, one or more of the network capacity controlled services areassigned or classified with network capacity controlled service levelsor priority levels for protecting network capacity. In some embodiments,one or more of the network capacity controlled services are dynamicallyassigned or classified with network capacity controlled service levelsor priority levels based on one or more criteria/measures (e.g., dynamiccriteria/measures), such as network busy state, current access network,time based criteria, an associated service plan, and/or othercriteria/measures. In some embodiments, a higher priority level meansthat the application or utility/function is granted higher relativepriority for network access (e.g., a priority level 10 can provide forguaranteed network access and a priority level 0 can provide a blockednetwork access, while priority levels between 1 through 9 can providerelatively increasing prioritized network access potentially relative toallocated network access and other services requesting network access).

As shown in FIG. 23, the network capacity controlled services aredynamically assigned or classified with network capacity controlledservice levels or priority levels based on the network busy state of thecurrent access network. For example, an email application, MicrosoftOutlook, is assigned different priority levels for protecting networkcapacity based on the network busy state, as shown: a priority level 6for a network busy state (NBS) level of 10% (e.g., up to about 10% ofthe network capacity is being utilized based on current or recently/lastmeasured/detected/determined network capacity/resources usage usingvarious techniques as described herein), a priority level 5 for anetwork busy state (NBS) level of 25%, a priority level 4 for a networkbusy state (NBS) level of 50%, a priority level 3 for a network busystate (NBS) level of 75%, and a priority level 2 for a network busystate (NBS) level of 90%. As also shown, an antivirus (AV) softwareupdate application/utility/function is assigned different prioritylevels for protecting network capacity based on the network busy state:a priority level 9 for a network busy state (NBS) level of 10%, apriority level 7 for a network busy state (NBS) level of 25%, a prioritylevel 5 for a network busy state (NBS) level of 50%, a priority level 3for a network busy state (NBS) level of 75%, and a priority level 1 fora network busy state (NBS) level of 90%. Various other applications andutilities/functions are shown with various priority levelassignments/classifications based on the network busy state levels shownin the network capacity controlled services priority level chart of FIG.23. As will be apparent to one of ordinary skill in the art, variousassignments and/or techniques for dynamically assigning priority levelsfor network access based on network busy state levels can be applied forprotecting network capacity (e.g., based on user preferences, serviceplans, access networks, a power state of device, a device usage state,time based criteria, and various other factors such as higher priorityfor urgent software and/or security updates, such as a high prioritysecurity or vulnerability software patch or update, and/or urgent orhigh priority emails or other communications, such as a 911 VOIP call).

Referring again to FIGS. 1 through 3, DAS for protecting networkcapacity is implemented using a service processor (e.g., a serviceprocessor 115) of the device (e.g., a device 100) using various DAStechniques as described herein to facilitate differential networkservice access control (e.g., for network capacity controlled services)to assist in protecting network capacity in accordance with someembodiments. In some embodiments, the service processor and/or one ormore agents of the service processor is/are verified using one or moreof the following verification techniques (e.g., and/or to specificallyverify monitoring the network service usage activity, classifying one ormore service activities into one or more network capacity controlledservice classes, associating the one or more network capacity controlledservice classes with one or more differential service activity policies,and/or determining a network busy state): compare a network basedservice usage measure with a service policy and/or service planassociated with the device, compare a device assisted service usagemeasure with the service policy and/or service plan associated with thedevice, compare the network based service usage measure to the deviceassisted service usage measure, compare a first device assisted serviceusage measure to a second device assisted service usage measure, verifypresence of the service processor and/or one or more agents of theservice processor, verify configuration of the service processor, verifyservice usage activities are reported properly (e.g., using test serviceusages to generate service usage events/reports for analysis andconfirmation), verify billing events are reported properly, compare thenetwork based service usage measure with reported device billing data,verify reporting of a test billing event, verify reporting of thecommunications device reports billing events from a transaction server,verify presence of an activation tracking system, verify deviceconfiguration or operation, verify device standing or service planstanding, verify proper operation of the service processor, verifyservice processor heartbeat response reports, verify monitoring of atest service event, download a new service processor (e.g., and/or oneor more agents or new configuration settings of the service processor)and perform integrity checks, verify a service processor codeconfiguration with agent self-diagnosis checks, verify that thecommunications device uses the first service only after beingauthorized, verify user standing, verify a network busy state (e.g.,compare and/or statistically process network busy state measures frommore than one device in which the network busy state monitoringapparatus, for example, is located in a secure execution environment onthe device), verify various differential network access controlimplementations (e.g., network capacity controlled services are properlymonitored/determined/detected, controlled, accounted for, and/or chargedfor), verify various QoS implementations (e.g., as discussed above), andverify an agent communications log. Various other verificationtechniques are described herein and similar and other verificationtechniques for providing DAS for protecting network capacity usingdevice based implementations (e.g., service processors and/or otherdevice based agents or software/hardware techniques) will now beapparent to one of ordinary skill in the art in view of the variousembodiments described herein.

In some embodiments, the service processor is secured using varioushardware and software techniques described herein, including, forexample, implementing all and/or portions of the service processor in asecure virtual machine, protected execution environment, secure storage(e.g., secure memory), secure modem, and/or other secure implementationtechniques as described herein and/or other or similar techniques aswill now be apparent to one of ordinary skill in the art in view of thevarious embodiments described herein. For example, the service processorcan be implemented in software and executed in a protected area of an OSexecuted on the device and/or executed in protected execution partitions(e.g., in CPU, APU, SIM chipset, modem, modem secure executionpartition, SIM, other hardware function on the device, and/or anycombination of the above).

In some embodiments, a network service usage counter is embedded into asecure execution environment (e.g., a program store in securenon-volatile memory located on a modem card and/or a modem chip notaccessible by device applications, secure CPU environment for executingprogram and/or secure program operation for data path monitoring and/orcontrol that cannot be bypassed by device applications to get to themodem connection to the network) in a device modem (e.g., usingmeasurement points V, VI, and/or other measurement points of FIG. 12).In some embodiments, the service usage counter counts data traffic(e.g., bytes and/or any other measure of service usage, such as filetransactions, message transactions, connection time, time of connectionor duration of connection, and/or traffic passed or transactions passedfor a given QoS or network capacity controlled service priority level),traffic as a function of time, traffic according to a network serviceactivity classification (e.g., by application, destination/source, port,traffic type, content type, time of day, network busy state, and/or anyother criteria/measure). In some embodiments, the service usage countercounts data traffic (e.g., as discussed above) while coordinating with aVPN layer established, for example, for both layer-III (e.g., IPSEC) andlayer-II (e.g., L2TP tunnel) so that precise over the air service usagemeasure is counted for billing mediation and/or network service usagecharging (e.g., customer billing, sponsored service bill by serviceand/or any other charging or billing). In some embodiments, the serviceusage counter counts data traffic (e.g., as discussed above) whilecoordinating with accelerator software (e.g., acompression/decompression engine) which transforms frames for moreefficient over the air transmission. As similarly discussed above,service processor coordination with the accelerator layer facilitates aprecise over the air service usage measure for billing mediation and/ornetwork service usage charging. In some embodiments, the service usagecounter counts data traffic (e.g., as discussed above) whilecoordinating with both the VPN layer and accelerator software layer tofacilitate a precise over the air service usage measure for billingmediation and/or network service usage charging.

In some embodiments, the service usage counter reports the service usageto a network element (e.g., a service controller, charging gateway,PCRF, AAA, HA, billing system, mediation system, traffic accountingdatabase, base station or base station controller, and/or anothernetwork element/function or central network element/function). In someembodiments, the information reported to the network element isencrypted or signed with a corresponding key known by the networkelement. In some embodiments, the communication link to the networkelement to pass the service usage count is conducted over a wirelessnetwork specific channel such as SMS, MMS, SS-7, or another specializedcontrol channel. In some embodiments, the communications link to thenetwork element to pass the service usage count is conducted over anetwork channel (e.g., via IP, TCP, UDP, HTTP, HTTPS, TLS, SSL, point topoint signed variants of TLS or SSL, or another data network channel viathe network control channel connection to the device). In someembodiments, the data network control channel traffic is injected intothe PPP stream at the modem. In some embodiments, the data networkcontrol channel traffic is passed up to the device networking stack forconnection to the network. In some embodiments, a signed or encryptedservice usage count from the modem subsystem is coordinated to provide aservice usage count for a time period that also corresponds to a similartime period for a service processor heartbeat report that includes aservice usage measure or count. For example, this provides the servicecontroller or another network element with a secondary set ofinformation that can be used to verify and/or secure the service usagemeasures reported by the service processor. Various techniques can beused to synchronize the time period for the modem service usage countand the service processor service usage count. For example, the serviceprocessor can request a latest count message from the modem, in whichthe modem counts all service usage since the previous request for latestcount until the present request for latest count, encrypts the latestcount message so that the service processor or other applicationsoftware or OS software on the device cannot decode and/or tamper withthe message, and the modem service usage counter then passes theencrypted message to the service processor. The service processor canthen pass the encrypted service usage count message from the modem tothe service controller along with the service processor service usageaccounting message(s) for the same or similar time period. The servicecontroller can then decode both service count messages from the securemodem subsystem and the service processor and correlate the two measuresto verify the service usage reporting by, for example, looking fordiscrepancies that would indicate service usage control or chargingerrors or device service processor tampering. In some embodiments, thesecure modem subsystem records byte counts for streams (e.g., and/orflows, socket connections, or combinations of IPdestination/source/ports), potentially along with time of day, networkbusy state, QoS level, and/or other criteria/measures, and reports thesecounts for each stream that had traffic activity during the currentreporting interval. For example, the service controller can thencorrelate the stream service usage information with the service usageinformation provided by the service processor heartbeat service usagereport to verify that the service processor service usage report isconsistent with the independent measure made in the modem subsystem. Insome embodiments, service usage reports (e.g., certified service usagereports) are correlated on the device and/or in the network (e.g., usingone or more network elements/functions, such as the service controller).

In some embodiments, a deeper analysis of traffic can be conducted inthe modem subsystem service usage count. For example, a layer 7 analysisof the service usage can be conducted for HTTP or HTTPS traffic flowingthrough the modem in which the modem subsystem service usage counterperforms an HTTP level analysis of the traffic to associate web trafficgets and other transfers with a given higher level serviceclassification (e.g., ad server, content server, proxy server, and/ortraffic that is referred by the local host serving up a web page). Insome embodiments, the modem subsystem service usage count can beaugmented for HTTPS, SSL or TLS traffic by including a trusted proxyserver embedded in the modem system. For example, the proxy server canbe trusted by the device stack so that the encryption keys for HTTPS,TLS or SSL are known by the proxy server allowing the modem based proxyserver, located, for example, in a secure execution environment, toperform layer 7 analysis of encrypted traffic in a manner similar tothat described above. In some embodiments, the embedded proxy servergenerates server SSL certificates for each connection to a specificremote host in real time based on a root certificate trusted by thedevice (e.g., and/or by network service usage activity, such as byapplication) and also trusted by the embedded proxy server, and theproxy server then becomes a middle man emulating a remote SSL host onone side and emulating the device (e.g., and/or network service usageactivity, such as application) on the other side, decrypting thetraffic, analyzing it and re-encrypting before forwarding to and fromthe remote host. Similarly, as in the case of layer 3 and 4 trafficanalysis performed by the modem service usage counting subsystem, thelayer 7 service usage count messages can be encrypted and passed to theservice controller via various channels. In some embodiments, the layer7 modem subsystem service usage counting system records service usagecounts for a reporting time period that is similar to the reporting timeperiod used by the service processor so that the service controller cancorrelate the service processor accounting messages against the modemaccounting messages with layer 7 information.

In some embodiments, the secure service usage reporting system elementsare located in a secure execution environment that includes the modemdriver. In some embodiments, all traffic that gets to the modem for thenetwork traffic being controlled or accounted for is required to gothrough the secure modem driver so that an independent count can begenerated and reported to the service controller as described abovewithout the need to embed the secure service usage counting andreporting elements in the modem.

In some embodiments, the secure service usage reporting system elementsare located in a secure execution environment that includes the modemdriver and modem hardware interface controller driver (e.g. USBcontroller for 2/3/4G and SDIO controller for WiFi). In someembodiments, all traffic that gets to the modem for the network trafficbeing controlled or accounted for is required to go through the securemodem driver and modem hardware interface controller driver (e.g. USBcontroller for 2/3/4G and SDIO controller for WiFi) so that precisecount can be generated by either the modem driver and/or modem hardwareinterface controller driver (e.g. USB controller for 2/3/4G and SDIOcontroller for WiFi) and passed to the secure service usage reportingelement to send it to the service controller for customercharging/billing. This scheme provides flexibility (e.g., most of thedevice software and operation system and its services/applications neednot be located/executed in the secure execution environment) whileensuring usage counting to occur securely as it pertains to the customeraccounting and billing.

In some embodiments, the layer 7 proxy server traffic accounting andreporting techniques used for processing HTTPS, TLS, and SSL traffic, asdiscussed above, are also used in the service processor itself to allowa detailed accounting of encrypted layer 7 traffic by the device. Insome embodiments, the information thus obtained is filtered so thatprivate user information is not transmitted to the network (e.g.,service controller, PCRF, and/or any other network element/function) butonly service usage information sufficient to allow for accounting ofservice plan usage, to verify service control policy implementation, orto verify service charging policy implementation is transmitted to thenetwork (e.g., service controller, PCRF, and/or any other networkelement/function). In some embodiments, the layer 7 proxy server forprocessing secure or in the clear device service usage accountingmessages is located in secure hardware execution environments in thedevice application processor or within secure software partitions in theoperating system.

Various techniques can be used to verify and/or secure service usagecontrols or service usage charging reports. For example, if thesecondary service usage reports indicate that service usage is outsideof the service usage policy limits that are intended to be in effect(e.g., based on a service plan and/or service policy associated with thedevice), then the service controller can indicate an error flag forfurther analysis and action (e.g., implementing various verification andresponsive actions as described herein, such as blocking the activity,throttling the activity, quarantining the device, updating/replacing theservice processor, and/or monitoring the device using various additionalDAS and/or network assisted monitoring techniques). As another example,if the service usage reports from the service processor do not match upwith the secondary service usage reports, then the service controllercan indicate an error flag for further analysis and action. For example,the correlation can be based on bulk measures of service usage (e.g.,total bytes over a given period of time), or using finer grain measuresof service usage (e.g., verifying the accounting between one group ofservice usage activities, such as application, destination/source, port,content type, time of day, network busy state, QoS level, and/or othercriteria/measures) charged to one service plan charging record versusthe accounting for another group of service usage activities charged toanother service plan charging record. In some embodiments, thecorrelation process between the two service usage accounting reports isperformed continuously on all device traffic in real time or near realtime as the usage accounting reports are received. In some embodiments,the usage accounting reports are stored and analyzed or correlated later(e.g., periodically, based on a request or audit, and/or based oncertain events, such as threshold network service usage events and/orany other events based on various criteria/measures). In someembodiments, only an audit of a portion of time is used to correlate thetwo usage accounting reports, which, for example, can reduce networktraffic and/or network processing load in the service controller.

In some embodiments, correlation techniques are applied by the servicecontroller to compare two different service usage measures as describedabove based on one or more of the following: total amount of data (e.g.,bytes for file transfers, sessions, and/or other measures), amount ofdata per unit time, total number of accesses, number of accesses perunit time or frequency of accesses, accesses during a time interval(e.g., peak time), accesses during a network busy state, accessrequests, and individual versus group transmissions at a point in time(e.g., each for a given set of destinations or destinations and traffictypes).

In some embodiments, service usage monitoring includes characterizingservice usage activities by streams, flows, destination/port, packetinspection, and/or other criteria/measures using the various techniquesas described herein and/or other or similar techniques as would beapparent to one of ordinary skill in the art. In some embodiments,service usage monitoring includes characterizing service usageactivities by streams, flows, destination/port, packet inspection,and/or other criteria/measures and then correlating to find networkservice usage behavior patterns that identify likely association ofbehavior with one or more service activities being managed.

In some embodiments, DAS for network capacity control includesclassifying traffic to determine which network service usageactivity(ies) are causing traffic (e.g., increasing networkcapacity/resources usage beyond a threshold), and then determining ifaccess network service usage activity(ies) are violating any rules(e.g., service usage policies or service plan settings associated withthe device/user). In some embodiments, DAS for network capacity controlincludes generating a list for network capacity controlled services thatspecifies behavioral characteristics for one or more network serviceusage activities with expected access limits based on access controlpolicy for each managed network service usage activity (e.g., based onservice usage policies or service plan settings associated with thedevice/user). In some embodiments, DAS for network capacity controlincludes monitoring and/or controlling network service usage activitiesbased on limits, which, for example, can be based on one or more of thefollowing: total access traffic counters, counters for different typesof access traffic, destinations, ports, frequency of accesses, accessbehavior during a given time, access behavior during a given busy state,access behavior for groups of activities (e.g., verify clumping), and/orother criteria/measures.

Accordingly, in some embodiments, a second secure and trusted serviceusage measure is provided that the service controller (e.g., or anothernetwork element/function) can use to verify or secure the servicecontrol or service charging reports for the service processor. In someembodiments, the secure and trusted service usage measure also providesfor enhanced verification and service security in cases, in which, forexample, network based service usage measures are available foradditional correlation with the service processor service usage reports.In cases in which network based service usage measures are either notavailable or are only available at widely spaced time intervals (e.g.,roaming networks or other networks with no timely network based serviceusage measure), these techniques facilitate real time or near real timeverification or security for the device assisted service controls andcharging.

In some embodiments, a SIM card performs a portion or all of the secureenvironment processing described above, with the device modem traffic,or a copy of the device modem traffic, being directed to the SIM securesubsystem for traffic accounting and reporting. In some embodiments, aSIM card is used to store QoS classifications and/or network capacitycontrolled services classifications for various service usage activitiesso that the user behavior in using certain network service usageactivities and/or the user preferences in controlling certain networkservice usage activities do not need to be relearned or redownloaded asthe user swaps the SIM between different devices. In some embodiments,the SIM keeps a local record of service usage activity for multipledevices that belong to the user or the user family plan, so that theservice usage notification and policies can be immediately updated on agiven device as the user swaps the SIM from device to device. In someembodiments, the manner in which this service usage history is stored onthe SIM is secure so that it cannot be tampered with. In someembodiments, the SIM card is used to implement various applicationmanagement and/or traffic control techniques described herein. In someembodiments, the SIM card is used to inspect traffic, classify traffic,create reports (e.g., certified service activity usage reports), encryptthe report, send the report to a network element/function, and thenetwork element/function correlates the reports (e.g., using networkassisted measures for comparisons and/or using various other techniquesas described herein). In some embodiments, a SIM card performs a portionor all of the secure environment processing described above using one ormore modem measurement points. For example, the traffic that is to beclassified can be routed through the SIM and correlated with what ismeasured by the modem. In some embodiments, network assisted/basednetwork service usage activity classifications are compared SIMbased/assisted classifications for service usage monitoring/reportingverification (e.g., detected inconsistencies in monitored/reportednetwork service usage activities can be identified, such as based ontotal traffic, streams/flows/sockets activities, and/or othercriteria/measures). In some embodiments, the reports include a verifiedsequence so that reports cannot be spoofed and/or missing reports can bedetermined.

In some embodiments, a portion or all of the secure environmentprocessing described above are applied to implement and/or verify QoSfor DAS techniques and/or DAS for network capacity controlled servicestechniques as described herein.

In some embodiments, the reports include one or more of the following: anumber of times the device is cycled from or to a power cycle state inthe modem, a number of times during a time window or network busy state,a power cycle versus number of streams initiated during the cycle, and apower cycle versus the streams that are transmitted during that cycle,In some embodiments, device power cycle events trigger generating of areport.

In some embodiments, monitoring, reporting, control, accounting,charging, and/or policy implementation for network capacity controlledservices is verified (e.g., using various verification techniquesdescribed herein). If any of the verification techniques determine orassist in determining that the network capacity controlled servicesmonitoring, reporting, control, accounting, and/or charging, and/orpolicy implementation has been tampered with, disabled, and/or is notproperly implemented or functioning, then responsive actions can beperformed, for example, the device (e.g., and/or suspect services) canbe suspended, quarantined, killed/terminated, and/or flagged for furtheranalysis/scrutiny to determine whether the device is malfunctioning,needs updating, has been tampered with or compromised, is infected withmalware, and/or if any other problem exists.

In some embodiments, the service processor monitors a network serviceusage activity of a device. In some embodiments, monitoring of theservice usage activity includes monitoring for multiple networks (e.g.,to determine which networks are available and/or a network busy state ofthe available networks). In some embodiments monitoring a networkservice usage activity is performed by and/or assisted by a servicecloud (e.g., one or more network elements that provide such a service).In some embodiments, monitoring the network service usage activityincludes identifying the network service usage activity, measuring thenetwork service usage of the network service usage activity, and/orcharacterizing the network service usage of the network service usageactivity (e.g., using device assisted/based techniques, networkassisted/based techniques, testing/offline monitoring/analysistechniques, and/or a combination thereof).

In some embodiments, the service processor implements differentialnetwork access service control (e.g., for network capacity controlledservices), network service usage accounting, network service usagecharging, and/or network service usage notification on the device tofacilitate DAS for protecting network capacity.

In some embodiments, the service processor (e.g., a service processor115) is updated, communicated with, set, and/or controlled by a networkelement (e.g., a service controller 122). In some embodiments, theservice processor receives service policy information from a networkfunction selected from a base station (e.g., a base station 125), a RANgateway, a core gateway, a DPI gateway, a home agent (HA), a AAA server(e.g., AAA server 121), a service controller, and/or another networkfunction or combinations of network functions as described herein and/oras will now be apparent to one of ordinary skill in the art in view ofthe various embodiments described herein. In some embodiments, theservice processor is updated through over the air or over the network OSsoftware updates or application software updates or device firmwareupdates. In some embodiments, the service processor uses an IPconnection, SMS connection, and/or MMS connection, for a control channelwith a service controller. In some embodiments, the service processorqueries a service controller to determine the association of a monitorednetwork service usage activity with a network service usage controlpolicy. In some embodiments, the device (e.g., service processor)maintains a network capacity controlled services list and/or networkcapacity controlled services policy for one or more of the activeservices (e.g., actively executing and/or previouslyinstalled/downloaded to the device) that have been classified as anetwork capacity controlled service (e.g., as the number of applicationscontinues to grow, as hundreds of thousands of applications are alreadyavailable on certain platforms, maintaining a list specific and/or a setof policies unique or specific to each application is not efficient). Inthis embodiment, when a new application is active/launched and/ordownloaded to the device, the device can request an updated networkcapacity controlled services list and/or an updated network capacitycontrolled services policy accordingly (e.g., and/or periodicallyrefresh such lists/policies).

In some embodiments, differential network access control for protectingnetwork capacity includes controlling network services traffic generatedby the device (e.g., network capacity controlled services based on anetwork service usage control policy (e.g., a network capacitycontrolled services policy). In some embodiments, differential networkaccess control for protecting network capacity includes providingassistance in control of the distribution of bandwidth among devices,network capacity controlled services (e.g., applications, OSoperations/functions, and various other network services usageactivities classified as network capacity controlled services), adifferentiated QoS service offering, a fair sharing of capacity, a highuser load network performance, and/or preventing one or more devicesfrom consuming so much network capacity that other devices cannotreceive adequate performance or performance in accordance with variousthreshold and/or guaranteed service levels. In some embodiments,differential network access control for protecting network capacityincludes applying policies to determine which network the serviceactivity should be connected to (e.g., 2G, 3G, 4G, home or roaming,WiFi, cable, DSL, fiber, wired WAN, and/or another wired or wireless oraccess network), and applying differential network access control rules(e.g., traffic control rules) depending on which network to which theservice activity is connected. In some embodiments, differential networkaccess control for protecting network capacity includes differentiallycontrolling network service usage activities based on the service usagecontrol policy and a user input (e.g., a user selection or userpreference). In some embodiments, differential network access controlfor protecting network capacity includes differentially controllingnetwork service usage activities based on the service usage controlpolicy and the network the device or network service activity is gainingaccess from.

In some embodiments, the network service usage control policy is dynamicbased on one or more of the following: a network busy state, a time ofday, which network the service activity is connected to, which basestation or communication channel the service activity is connected to, auser input, a user preference selection, an associated service plan, aservice plan change, an application behavior, a messaging layerbehavior, random back off, a power state of device, a device usagestate, a time based criteria (e.g., time/day/week/month,hold/delay/defer for future time slot, hold/delay/defer for scheduledtime slot, and/or hold/delay/defer until a busy state/availabilitystate/QoS state is achieved), monitoring of user interaction with theservice activity, monitoring of user interaction with the device, thestate of UI priority for the service activity, monitoring the powerconsumption behavior of the service activity, modem power cycling orpower control state changes, modem communication session set up or teardown, and/or a policy update/modification/change from the network. Insome embodiments, the network service usage control policy is based onupdated service usage behavior analysis of the network service usageactivity. In some embodiments, the network service usage control policyis based on updated activity behavior response to a network capacitycontrolled service classification. In some embodiments, the networkservice usage control policy is based on updated user input/preferences(e.g., related to policies/controls for network capacity controlledservices). In some embodiments, the network service usage control policyis based on updates to service plan status. In some embodiments, thenetwork service usage control policy is based on updates to service planpolicies. In some embodiments, the network service usage control policyis based on availability of alternative networks. In some embodiments,the network service usage control policy is based on policy rules forselecting alternative networks. In some embodiments, the network serviceusage control policy is based on network busy state or availabilitystate for alternative networks. In some embodiments, the network serviceusage control policy is based on specific network selection orpreference policies for a given network service activity or set ofnetwork service activities.

In some embodiments, associating the network service usage activity witha network service usage control policy or a network service usagenotification policy, includes dynamically associating based on one ormore of the following: a network busy state, a time of day, a userinput/preference, an associated service plan (e.g., 25 MB data plan, 5Gdata plan, or an unlimited data plan or other data/service usage plan),an application behavior, a messaging layer behavior, a power state ofdevice, a device usage state, a time based criteria, availability ofalternative networks, and a set of policy rules for selecting and/orcontrolling traffic on one or more of the alternative networks.

In some embodiments, a network service usage control policy (e.g., anetwork capacity controlled services policy) includes defining thenetwork service usage control policy for one or more service plans,defining network access policy rules for one or more devices or groupsof devices in a single or multi-user scenarios such as family andenterprise plans, defining network access policy rules for one or moreusers or groups of users, allowing or disallowing network access eventsor attempts, modulating the number of network access events or attempts,aggregating network access events or attempts into a group of accessevents or attempts, time windowing network access events or attempts,time windowing network access events or attempts based on theapplication or function being served by the network access events orattempts, time windowing network access events or attempts topre-determined time windows, time windowing network access events orattempts to time windows where a measure of network busy state is withina range, assigning the allowable types of access events or attempts,assigning the allowable functions or applications that are allowednetwork access events or attempts, assigning the priority of one or morenetwork access events or attempts, defining the allowable duration ofnetwork access events or attempts, defining the allowable speed ofnetwork access events or attempts, defining the allowable networkdestinations for network access events or attempts, defining theallowable applications for network access events or attempts, definingthe QoS rules for one or more network access events or attempts,defining or setting access policy rules for one or more applications,defining or setting access policy rules for one or more networkdestinations, defining or setting access policy rules for one or moredevices, defining or setting access policy rules for one or more networkservices, defining or setting access policy rules for one or moretraffic types, defining or setting access policy rules for one or moreQoS classes, and defining or setting access policy rules based on anycombination of device, application, network destination, networkservice, traffic type, QoS class, and/or other criteria/measures.

In some embodiments, a network service usage control policy (e.g., anetwork capacity controlled services policy) includes a traffic controlpolicy. In some embodiments, the traffic control policy includes atraffic control setting. In some embodiments, the traffic control policyincludes a traffic control/tier, and the traffic control/tier includesthe traffic control setting. In some embodiments, the traffic controlpolicy includes one or more of the following: block/allow settings,throttle settings, adaptive throttle settings, QoS class settingsincluding packet error rate, jitter and delay settings, queue settings,and tag settings (e.g., for packet tagging certain traffic flows). Insome embodiments, QoS class settings, include one or more of thefollowing: throttle level, priority queuing relative to other devicetraffic, time window parameters, and hold or delay while accumulating oraggregating traffic into a larger stream/burst/packet/group of packets.In some embodiments, the traffic control policy includes filtersimplemented as indexes into different lists of policy settings (e.g.,using cascade filtering techniques), in which the policy filters includeone or more of the following: a network, a service plan, an application,a time of day, and a network busy state. For example, a two dimensionaltraffic control implementation scheme can be provided using a networkbusy state and/or a time of day as an index into a traffic controlsetting (e.g., a certain application's priority level can be increasedor decreased based on a network busy state and/or time of day). In someembodiments, the traffic control policy is used for selecting thenetwork from a list of available networks, blocking or reducing accessuntil a connection is made to an alternative network, and/or modifyingor replacing a network stack interface of the device to provide forintercept or discontinuance of network socket interface messages toapplications or OS functions.

In some embodiments, a traffic control setting is selected based on thenetwork service usage control policy. In some embodiments, the trafficcontrol setting is implemented on the device based on the networkservice usage control policy. In some embodiments, the implementedtraffic control setting controls traffic/traffic flows of a networkcapacity controlled service. In some embodiments, the traffic controlsetting is selected based on one or more of the following: a time ofday, a day of week, a special time/date (e.g., a holiday or a networkmaintenance time/date), a network busy state, a priority levelassociated with the network service usage activity, a QoS classassociated with the network service usage activity (e.g., emergencytraffic), which network the network service activity is gaining accessfrom, which networks are available, which network the network serviceactivity is connected to, which base station or communication channelthe network service activity is connected to, and a network dependentset of traffic control policies that can vary depending on which networkthe service activity is gaining access from (e.g., and/or various othercriteria/measures as described herein). In some embodiments, the trafficcontrol setting includes one or more of the following: allow/block,delay, throttle, QoS class implementation, queue, tag, generate a usernotification, random back off, clear to send received from a networkelement, hold for scheduled transmission time slot, selecting thenetwork from the available networks, and blocking or reducing accessuntil a connection is made to an alternative network. In someembodiments, the traffic control setting is selected based on a networkcapacity controlled services priority state of the network service usageactivity and a network busy state. In some embodiments, the trafficcontrol setting is selected based on a network capacity controlledservices priority state of the network service usage activity and anetwork busy state and is global (e.g., the same) for all networkcapacity controlled services activities or varies based on a networkservice usage activity priority, user preferences or option selection,an application, a time based criteria, a service plan, a network thedevice or service activity is gaining access from, a redetermination ofa network congestion state after adapting to a previously determinednetwork busy state, and/or other criteria/measures as described herein.

In some embodiments, network capacity controlled services traffic (e.g.,traffic flows) is differentially controlled for protecting networkcapacity. For example, various software updates for an OS and one ormore applications on the device can be differentially controlled usingthe various techniques described herein. As another example,security/antimalware software (e.g., antivirus, firewall, contentprotection, intrusion detection/prevention, and/or othersecurity/antimalware software) can be differentially controlled usingthe various techniques described herein. As yet another example, networkbackups/imaging, content downloads (e.g., exceeding a thresholdindividually and/or in aggregate, such as for image, music, video, eBookcontent, email attachments, content/media subscriptions, RSS/news feeds,text/image/video chat, software updates, and/or other content downloads)can be differentially controlled using the various techniques describedherein.

For example, using the DAS for protecting network capacity techniquesdescribed herein an adaptive policy control for protecting networkcapacity can be provided. A network capacity controlled services listcan be generated, updated, reported, and/or received by the device andstored on the device (e.g., the list can be based on adapted to theservice plan associated with the device). If a monitored network serviceusage activity is not on the list, then the device can report themonitored network service usage activity to a network element (e.g., fora monitored network service usage activity that also exceeds a certainthreshold, based on a network busy state, based on a time basedcriteria, and/or other criteria/measure). As an example, monitorednetwork service usage activity can be reported if/when the monitorednetwork service usage activity exceeds a data usage threshold (e.g., 50MB total data usage per day, a socket opening frequency/rate, velocityof data usage at an instant in time, or more complicated thresholds overtime, over peak periods, by content and time, by various otherparameters/thresholds). As another example, the monitored networkservice usage activity can be reported based on testing of the networkservice usage behavior and/or application developer characterizationinput. The report can include information that identifies the networkservice usage activity and various network service usage parameters.

In some embodiments, a notification setting is selected based on aservice usage notification policy. In some embodiments, a notificationsetting includes a user notification setting (e.g., various usernotifications settings as described above with respect to FIG. 18).

In some embodiments, classifying the network service usage activityfurther includes classifying the network service usage activity (e.g.,using a usage threshold filter and/or cascading filter techniques) intoone or more of a plurality of classification categories for differentialnetwork access control for protecting network capacity. In someembodiments, classifying the network service usage activity, furtherincludes classifying the network service usage activity into one or morenetwork capacity controlled services in which the network capacitycontrolled services include one or more of the following: applicationsrequiring data network access, application software updates,applications requiring network information, applications requiring GPSor physical location, operating system software updates, securitysoftware updates, network based backups, email downloads, and a set ofactivities configured as network capacity controlled service activitiesbased on a service profile and/or user input (e.g., and/or various othertypes of network service usage activities as described herein and aswill now be apparent to one of ordinary skill in the art). For example,network capacity controlled services can include software updates for OSand applications, OS background network accesses, cloud synchronizationservices, RSS feeds & other background information feeds,browser/application/device behavior reporting, background emaildownloads, content subscription service updates and downloads (e.g.,music/video downloads, news feeds), text/voice/video chat clients,security updates (e.g., antimalware updates), peer to peer networkingapplication updates, inefficient network access sequences duringfrequent power cycling or power save state cycling, large downloads orother high bandwidth accesses, and greedy application programs thatconstantly/repeatedly access the network with small transmissions orrequests for information. In some embodiments, a network capacitycontrolled services list is static, adaptive, generated using a serviceprocessor, received from a network element (e.g., service controller orservice cloud), received from a network element (e.g., servicecontroller or service cloud) and based at least in part on deviceactivity reports received from the service processor, based on criteriaset by pre-testing, report of behavior characterization performed by theapplication developer, and/or based at least in part on user input. Insome embodiments, the network capacity controlled services list includesone or more network service activity background (QoS) classes.

In some embodiments, classifying the network service usage activityfurther includes classifying the network service usage activity based onone or more of the following: application or widget (e.g., Outlook,Skype, iTunes, Android email, weather channel weather widget, iCal,Firefox Browser, etc), application type (e.g., user application, systemapplication/utility/function/process, OSapplication/utility/function/process, email, browser, widget, malware(such as a virus or suspicious process), RSS feed, devicesynchronization service, download application, network backup/imagingapplication, voice/video chat, peer to peer content application or otherpeer to peer application, streaming media feed or broadcastreception/transmission application, network meeting application, chatapplication or session, and/or any other application or processidentification and categorization), OS/system function (e.g., any systemapplication/utility/function/process and/or OSapplication/utility/function/process, such as a OS update and/or OSerror reporting), modem function, network communication function (e.g.,network discovery or signaling, EtherType messages, connectionflow/stream/session set up or tear down, network authentication orauthorization sequences, IP address acquisition, and DNS services), URLand/or domain, destination/source IP address, protocol, traffic type,socket (e.g., IP address, protocol, and/or port), socketaddress/label/identifier (e.g., port address/port number), content type(e.g., email downloads, email text, video, music, eBooks, widget updatestreams, and download streams), port (e.g., port number), QoSclassification level, time of day, on peak or off peak, network time,network busy state, access network selected, service plan selected, userpreferences, device credentials, user credentials, and/or status, modempower cycling or power state changes, modem authentication processes,modem link set up or tear down, modem management communications, modemsoftware or firmware updates, modem power management information, devicepower state, and modem power state. In some embodiments, classifying thenetwork service usage activity further includes associating theclassified network service usage activity with an ID (e.g., anapplication ID, which can be, for example, a unique number, name, and/orsignature). In some embodiments, classifying the network service usageactivity further includes classifying the network service usage activityusing a plurality of classification parameters, including one or more ofthe following: application ID, remote IP (e.g., URL, domain, and/or IPaddress), remote port, protocol, content type, a filter action class(e.g., network busy state class, QoS class, time of day, network busystate, and/or other criteria/measures), and access network selected. Insome embodiments, classifying the network service usage activity furtherincludes using a combination of parameters as discussed above todetermine the classification of the network service usage activity.

In some embodiments, classifying the network service usage activityfurther includes classifying the network service usage activity as anetwork capacity controlled service, a non-network capacity controlledservice, a blocked or disallowed service, and/or a not yetclassified/identified service (e.g., unknown/yet to be determinedclassification or pending classification). In some embodiments, anapplication connection, OS connection, and/or other service activity isclassified as a network capacity controlled service activity when thedevice has been inactive (e.g., or in a power save state) for a periodof time (e.g., when the user has not interacted with it for a period oftime, when it has not displayed user notification policy, and/or a userinput has not been received for a period of time, and/or when a powersave state is entered). In some embodiments, an application connection,OS connection, and/or other service activity is classified as a networkcapacity controlled service activity when the monitored network serviceusage activity exceeds a data usage threshold for more than oneapplication connection, OS connection, and/or other service activity(e.g., aggregated data usage exceeds the data usage threshold); or for aspecific application connection. In some embodiments, an applicationconnection, OS connection, and/or other service activity is classifiedas a network capacity controlled service activity when the monitorednetwork service usage activity exceeds a data usage threshold based on apredetermined list of one or more data usage limits, based on a listreceived from a network element, usage time limit (e.g., based on aperiod of time exceeding a usage limit), and/or based on some otherusage related criteria/measures. In some embodiments, classifying thenetwork service usage activity further includes classifying the networkservice usage activity as a network capacity controlled service based ona network peak time, a network busy state, or a network connection tothe device falls below a certain performance level (e.g., higher/lowerpriorities assigned based on various such criteria/other input/factors).

In some embodiments, one or more of the network capacity controlledservices are associated with a different network access policy set forone or more networks and/or one or more alternative networks. In someembodiments, one or more of the network capacity controlled services areassociated with a different notification policy set for one or morenetworks and/or one or more alternative networks. In some embodiments,the network capacity controlled services list is stored on the device.In some embodiments, the network capacity controlled services list isreceived/periodically updated from a network element and stored on thedevice. In some embodiments, the network capacity controlled serviceslist includes network capacity controlled services, non-network capacitycontrolled services (e.g., foreground services or services based onvarious possibly dynamic criteria are not classified as network capacitycontrolled services), and an unclassified set of services (e.g., greylist including one or more network service activities pendingclassification based on further analysis and/or input, such as from anetwork element, service provider, and/or user). In some embodiments,the network capacity controlled services list is based on one or more ofthe following: predefined/predesignated (e.g., network, service plan,pre-test and/or characterized by an application developer) criteria;device assisted/based monitoring (e.g., using a service processor);network based monitoring (e.g., using a DPI gateway); network assistedanalysis (e.g., based on device reports of DAS activity analysis). Forexample, the device can report device monitored network service usageactivities (e.g., all monitored network service usage activities or asubset based on configuration, threshold, service plan, network, and/oruser input) to the network element. As another example, the networkelement can update the network capacity controlled services list andsend the updated list to the device. As yet another example, the networkelement can perform a statistical analysis of network service activitiesacross a plurality of devices based on the device based and/or networkbased network service usage activity monitoring/reporting. In someembodiments, a network service usage activity is determined to be anactive application or process (e.g., based on a user interaction withthe device and/or network service usage activity, such as a pop-upand/or other criteria/measures).

In some embodiments, implementing traffic control for network capacitycontrolled services is provided using various techniques. In someembodiments, the device includes a service processor agent or functionto intercept, block, modify, remove or replace UI messages,notifications or other UI communications generated by a network serviceactivity that whose network service usage is being controlled or managed(e.g., using various measurement points as shown in and described withrespect to FIGS. 12 and 13). For example, this technique can be used toprovide for an improved user experience (e.g., to prevent an applicationthat is being controlled for protecting network capacity from generatingrepeated and/or confusing messages/alerts to the user). In someembodiments, a network stack interface of the device is replaced ormodified to provide for intercept or discontinuance of network socketinterface messages to applications or OS functions or otherfunctions/software.

In some embodiments, implementing traffic control for network capacitycontrolled services using DAS techniques is provided using varioustechniques in which the network service usage activity is unaware ofnetwork capacity control (e.g., does not support an API or otherinterface for implementing network capacity control). For example,network service application messaging interface based techniques can beused to implement traffic control. Example network service applicationmessaging interfaces include the following: network stack API, networkcommunication stream/flow interface, network stack API messages,EtherType messages, ARP messages, and/or other messaging or other orsimilar techniques as will now be apparent to one of ordinary skill inthe art in view of the various embodiments described herein. In someembodiments, network service usage activity control policies or networkservice activity messages are selected based on the set of trafficcontrol policies or service activity messages that result in reduced ormodified user notification by the service activity due to networkcapacity controlled service policies applied to the network serviceactivity. In some embodiments, network service usage activity controlpolicies or network service activity messages are selected based on theset of traffic control policies or service activity messages that resultin reduced disruption of device operation due to network capacitycontrolled service activity policies applied to the network serviceactivity. In some embodiments, network service usage activity controlpolicies or network service activity messages are selected based on theset of traffic control policies or service activity messages that resultin reduced disruption of network service activity operation due tonetwork capacity controlled service activity policies applied to thenetwork service activity. In some embodiments, implementing trafficcontrol for network capacity controlled services is provided byintercepting opens/connects/writes. In some embodiments, implementingtraffic control for network capacity controlled services is provided byintercepting stack API level or application messaging layer requests(e.g., socket open/send requests). For example, an intercepted requestcan be copied (e.g., to memory) and queued (e.g., delayed or throttled)or dropped (e.g., blocked). As another example, an intercepted requestcan be copied into memory and then a portion of the transmission can beretrieved from memory and reinjected (e.g., throttled). As yet anotherexample, intercepting messaging transmissions can be parsed inline andallowed to transmit (e.g., allowed), and the transmission or a portionof the transmission can be copied to memory for classifying the trafficflow. In some embodiments, implementing traffic control for networkcapacity controlled services is provided by intercepting or controllingor modulating UI notifications. In some embodiments, implementingtraffic control for network capacity controlled services is provided bykilling or suspending the network service activity. In some embodiments,implementing traffic control for network capacity controlled services isprovided by deprioritizing the process(es) associated with the serviceactivity (e.g., CPU scheduling deprioritization).

In some embodiments, implementing traffic control for network capacitycontrolled services using DAS techniques for network service usageactivities that are unaware of network capacity control is provided byemulating network API messaging (e.g., effectively providing a spoofedor emulated network API). For example, an emulated network API canintercept, modify, block, remove, and/or replace network socketapplication interface messages and/or EtherType messages (e.g.,EWOULDBLOCK, ENETDOWN, ENETUNREACH, EHOSTDOWN, EHOSTUNREACH, EALRADY,EINPROGRESS, ECONNREFUSED, EINPROGRESS, ETIMEDOUT, and/other suchmessages). As another example, an emulated network API can modify, swap,and/or inject network socket application interface messages (socket( ),connect( ), read( ), write( ), close( ), and other such messages) thatprovide for control or management of network service activity serviceusage behavior. As yet another example, before a connection is allowedto be opened (e.g., before a socket is opened), transmission, or aflow/stream is initiated, it is blocked and a message is sent back tothe application (e.g., a reset message in response to a sync request oranother message that the application will understand and can interpretto indicate that the network access attempt was not allowed/blocked,that the network is not available, and/or to try again later for therequested network access). As yet another example, the socket can beallowed to open but after some point in time (e.g., based on networkservice usage, network busy state, time based criteria, and/or someother criteria/measure), the stream is blocked or the socket isterminated. As yet another example, time window based traffic controltechniques can be implemented (e.g., during non-peak, not network busystate times), such as by allowing network access for a period of time,blocking for a period of time, and then repeating to thereby effectivelyspread the network access out either randomly or deterministically.Using these techniques, an application that is unaware of networkcapacity control based traffic control can send and receive standardmessaging, and the device can implement traffic controls based on thenetwork capacity control policy using messaging that the network serviceusage activity (e.g., application or OS or software function) canunderstand and will respond to in a typically predictable manner aswould now be apparent to one of ordinary skill in the art.

In some embodiments, implementing traffic control for network capacitycontrolled services using DAS techniques is provided using varioustechniques in which the network service usage activity is aware ofnetwork capacity control (e.g., the network service usage activitysupports an API or other interface for implementing network capacitycontrol). For example, a network access API as described herein can beused to implement traffic control for network capacity controlledservices. In some embodiments, the API facilitates communication of oneor more of the following: network access conditions, network busy stateor network availability state of one or more networks or alternativenetworks, one or more network capacity controlled service policies(e.g., the network service can be of a current network access setting,such as allow/block, throttle, queue, scheduled time/time slot, and/ordefer, which can be based on, for example, a current network, a currentnetwork busy state, a time based criteria, a service plan, a networkservice classification, and/or other criteria/measures), a networkaccess request from a network service activity, a query/polled requestto a network service activity, a network access grant to a networkservice activity (e.g., including a priority setting and/or networkcapacity controlled service classification, a scheduled time/time slot,an alternative network, and/or other criteria/measures), a network busystate or a network availability state or a network QoS state.

In some embodiments, implementing traffic control for network capacitycontrolled services using network assisted/based techniques is providedusing various techniques in which the network service usage activity isunaware of network capacity control (e.g., does not support an API orother interface for implementing network capacity control). In someembodiments, DPI based techniques are used to control network capacitycontrolled services (e.g., to block or throttle network capacitycontrolled services at a DPI gateway).

In some embodiments, implementing traffic control for network capacitycontrolled services using network assisted/based techniques is providedusing various techniques in which the network service usage activity isaware of network capacity control (e.g., does support an API or otherinterface for implementing network capacity control). In someembodiments, the application/messaging layer (e.g., a network API asdescribed herein) is used to communicate with a network service activityto provide associated network capacity controlled serviceclassifications and/or priorities, network busy state information ornetwork availability of one or more networks or alternative networks, anetwork access request and response, and/other criteria/measures assimilarly described herein.

In some embodiments, DAS for protecting network capacity includesimplementing a service plan for differential charging based on networkservice usage activities (e.g., including network capacity controlledservices). In some embodiments, the service plan includes differentialcharging for network capacity controlled services. In some embodiments,the service plan includes a cap network service usage for networkcapacity controlled services. In some embodiments, the service planincludes a notification when the cap is exceeded. In some embodiments,the service plan includes overage charges when the cap is exceeded. Insome embodiments, the service plan includes modifying charging based onuser input (e.g., user override selection as described herein, in whichfor example, overage charges are different for network capacitycontrolled services and/or based on priority levels and/or based on thecurrent access network). In some embodiments, the service plan includestime based criteria restrictions for network capacity controlledservices (e.g., time of day restrictions with or without overrideoptions). In some embodiments, the service plan includes network busystate based criteria restrictions for network capacity controlledservices (e.g., with or without override options). In some embodiments,the service plan provides for network service activity controls to beoverridden (e.g., one time, time window, usage amount, or permanent)(e.g., differentially charge for override, differentially cap foroverride, override with action based UI notification option, and/oroverride with UI setting). In some embodiments, the service planincludes family plan or multi-user plan (e.g., different networkcapacity controlled service settings for different users). In someembodiments, the service plan includes multi-device plan (e.g.,different network capacity controlled service settings for differentdevices, such as smart phone v. laptop v. net book v. eBook). In someembodiments, the service plan includes free network capacity controlledservice usage for certain times of day, network busy state(s), and/orother criteria/measures. In some embodiments, the service plan includesnetwork dependent charging for network capacity controlled services. Insome embodiments, the service plan includes networkpreference/prioritization for network capacity controlled services. Insome embodiments, the service plan includes arbitration billing to billa carrier partner or sponsored service partner for the access providedto a destination, application, or other network capacity controlledservice. In some embodiments, the service plan includes arbitrationbilling to bill an application developer for the access provided to adestination, application or other network capacity controlled service.

In some application scenarios, excess network capacity demand can becaused by modem power state changes on the device. For example, when anapplication or OS function attempts to connect to the network for anyreason when the modem is in a power save state wherein the modem is notconnected to the network, it can cause the modem to change power savestate, reconnect to the network, and then initiate the applicationnetwork connection. In some cases, this can also cause the network tore-initiate a modem connection session (e.g., PPP session) which inaddition to the network capacity consumed by the basic modem connectionalso consumes network resources for establishing the PPP session.Accordingly, in some embodiments, network service usage activity controlpolicies are implemented that limit or control the ability ofapplications, OS functions, and/or other network service usageactivities (e.g., network capacity controlled services) from changingthe modem power control state or network connection state. In someembodiments, a service usage activity is prevented or limited fromawakening the modem, changing the power state of the modem, or causingthe modem to connect to the network until a given time window isreached. In some embodiments, the frequency a service usage activity isallowed to awakening the modem, changing the power state of the modem,or causing the modem is limited. In some embodiments, a network serviceusage activity is prevented from awakening the modem, changing the powerstate of the modem, or causing the modem until a time delay has passed.In some embodiments, a network service usage activity is prevented fromawakening the modem, changing the power state of the modem, or causingthe modem until multiple network service usage activities require suchchanges in modem state, or until network service usage activity isaggregated to increase network capacity and/or network resourceutilization efficiency. In some embodiments, limiting the ability of anetwork service usage activity to change the power state of a modemincludes not allowing the activity to power the modem off, place themodem in sleep mode, or disconnect the modem from the network. In someembodiments, these limitations on network service usage activity toawaken the modem, change the power state of the modem, or cause themodem to connect to a network are set by a central network function(e.g., a service controller or other network element/function) policycommunication to the modem. In some embodiments, these power controlstate policies are updated by the central network function.

FIG. 24 depicts a diagram of a network capacity protection system 2400utilizing device-assisted services (DAS). The system 2400 includeswireless devices 2402-1 to 2402-N (referred to collectively as thewireless devices 2402), wireless networks 2404-1 to 2404-N (referred tocollectively as the wireless networks 2404), a network traffic analysisengine 2406, a network service usage classification engine 2408, and adifferential network access control engine 2410.

The wireless devices 2402 will at a minimum include a processor, memory(though the memory could be implemented in the processor), a radio, anda radio interface (though the radio interface could be implemented as“part of” the radio). In order to make the wireless devices 2402 useful,they will typically have at least one input device and at least oneoutput device, including input and output interfaces, if applicable.

The wireless devices 2402 can be implemented as stations. A station, asused herein, may be referred to as a device with a media access control(MAC) address and a physical layer (PHY) interface to the wirelessmedium that comply with, e.g., the IEEE 802.11 standard. A station canbe described as “IEEE 802.11-compliant” when compliance with the IEEE802.11 standard is intended to be explicit. (I.e, a device acts asdescribed in at least a portion of the IEEE 802.11 standard.) One ofordinary skill in the relevant art would understand what the IEEE 802.11standard comprises today and that the IEEE 802.11 standard can changeover time, and would be expected to apply techniques described in thispaper in compliance with future versions of the IEEE 802.11 standard ifan applicable change is made. IEEE Std 802.11™-2007 (Revision of IEEEStd 802.11-1999) is incorporated by reference. IEEE 802.11k-2008, IEEE802.11n-2009, IEEE 802.11p-2010, IEEE 802.11r-2008, IEEE 802.11w-2009,and IEEE 802.11y-2008 are also incorporated by reference.

In alternative embodiments, one or more of the wireless devices 2402 maycomply with some other standard or no standard at all, and may havedifferent interfaces to a wireless or other medium. It should be notedthat not all standards refer to wireless devices as “stations,” butwhere the term is used in this paper, it should be understood that ananalogous unit will be present on all applicable wireless networks.Thus, use of the term “station” should not be construed as limiting thescope of an embodiment that describes wireless devices as stations to astandard that explicitly uses the term, unless such a limitation isappropriate in the context of the discussion.

The wireless networks 2404 will typically include an internetworkingunit (IWU) that interconnects wireless devices on the relevant one ofthe wireless networks 2404 with another network, such as a wired LAN.The IWU is sometimes referred to as a wireless access point (WAP). Inthe IEEE 802.11 standard, a WAP is also defined as a station. Thus, astation can be a non-WAP station or a WAP station. In a cellularnetwork, the WAP is often referred to as a base station.

The wireless networks 2404 can be implemented using any applicabletechnology, which can differ by network type or in other ways. Thewireless networks 2404 can be of any appropriate size (e.g.,metropolitan area network (MAN), personal area network (PAN), etc.).Broadband wireless MANs may or may not be compliant with IEEE 802.16,which is incorporated by reference. Wireless PANs may or may not becompliant with IEEE 802.15, which is incorporated by reference. Thewireless networks 2404 can be identifiable by network type (e.g., 2G,3G, WiFi), service provider, WAP/base station identifier (e.g., WiFiSSID, base station and sector ID), geographic location, or otheridentification criteria.

The wireless networks 2404 may or may not be coupled together via anintermediate network. The intermediate network can include practicallyany type of communications network, such as, by way of example but notlimitation, the Internet, a public switched telephone network (PSTN), oran infrastructure network (e.g., private LAN). The term “Internet” asused herein refers to a network of networks which uses certainprotocols, such as the TCP/IP protocol, and possibly other protocolssuch as the hypertext transfer protocol (HTTP) for hypertext markuplanguage (HTML) documents that make up the World Wide Web (the web).

In the example of FIG. 24, the network traffic analysis engine 2406 iscoupled to the wireless device 2402-1. In a specific implementation, thenetwork traffic analysis engine 2406 is implemented on a server and iscoupled to the wireless device 2402-1 through the Internet. However, atleast a portion of the network traffic analysis engine 2406 canalternatively be implemented on the wireless device 2402-1, with orwithout a connection to a server that includes another portion (e.g., aserver portion) of the network traffic analysis engine 2406.

As used in this paper, an engine includes a dedicated or sharedprocessor and, typically, firmware or software modules that are executedby the processor. Depending upon implementation-specific or otherconsiderations, an engine can be centralized or its functionalitydistributed. An engine can include special purpose hardware, firmware,or software embodied in a computer-readable medium for execution by theprocessor. As used in this paper, a computer-readable medium is intendedto include all mediums that are statutory (e.g., in the United States,under 35 U.S.C. 101), and to specifically exclude all mediums that arenon-statutory in nature to the extent that the exclusion is necessaryfor a claim that includes the computer-readable medium to be valid.Known statutory computer-readable mediums include hardware (e.g.,registers, random access memory (RAM), non-volatile (NV) storage, toname a few), but may or may not be limited to hardware.

The network traffic analysis engine 2406 analyzes a subset of trafficbetween the wireless device 2402-1 and a source or destination. Theanalyzed traffic may or may not be limited to a network segment, such asbetween a cellular phone and a base station. The network trafficanalysis engine 2406 can analyze traffic for a subset of devices in thewireless network 2404-1 service area. The analyzed traffic may or maynot be limited to subscribers.

In the example of FIG. 24, the network service usage classificationengine 2408 is coupled to the network traffic analysis engine 2406. In aspecific implementation, the network service usage classification engine2408 is implemented on a server, which may or may not be the same serveron which the network traffic analysis engine 2406 is implemented.However, at least a portion of the network service usage classificationengine 2408 can alternatively be implemented on the wireless device2402-1, with or without a connection to a server that includes anotherportion (e.g., a server portion) of the network service usageclassification engine 2408.

The network service usage classification engine 2408 can categorizetraffic based upon the service class (e.g., conversational, streaming,interactive, background, or some other service class) requested orneeded for a service. The categorization facilitates identification of asnapshot of service class use at a given time, and, in someimplementations, predictions of future service class use based upon thesnapshot (e.g., making an assumption that future service class use is atleast somewhat related to service class use of the snapshot), historicaldata analysis (e.g., service class usage at certain times of day/days ofthe week), identification of trends, or the use of some other predictivetechnology.

In the example of FIG. 24, the differential network access controlengine 2410 is coupled to the network service usage classificationengine 2408. In a specific implementation, the network access controlengine 2410 is implemented on a server, which may or may not be the sameserver on which the network traffic analysis engine 2406 and/or thenetwork service usage classification engine 2408 are implemented.However, at least a portion of the network access control engine 2410can alternatively be implemented on the wireless device 2402-1, with orwithout a connection to a server that includes another portion (e.g., aserver portion) of the network access control engine 2410.

The differential network access control engine 2410 uses the predictedservice class use from the network service usage classification engine2408 to dynamically adjust resources allocated to service classes. Forexample, the differential network access control engine 2410 can performa service class availability assessment to determine whether serviceclass capacity for service classes on a channel are sufficient forpredicted service usage, and either add resources if service classavailability is insufficient for predicted service usage or reduceresources if service class availability is more than sufficient forpredicted service usage.

Alternatively, the differential network access control engine 2410 caninstead or in addition control applications on devices such that theapplications change service usage levels or delay consumption ofwireless resources (e.g., by delaying software updates until moreresources become available). In an embodiment, a service usage controlpolicy is implemented on the wireless device 2402-1. This may benecessary in some cases to ensure the wireless device 2402-1 can adjustapplication settings that are normally fixed, optimize network serviceusage activation based on network state (e.g., if the network is busy),control over-the-air software updates, throttle resource-hungryapplications, manage network service usage requests from repeated powerdown modes, keep PPP sessions active, or otherwise facilitate dynamicservice class adjustments or other device behavior.

In a specific implementation, subscribers can be incented to changeservice classes by, for example, charging more for higher serviceclasses. The differential network access control engine 2410 can send anotification of differential charges for service classes. Alternatively,the charges could be implemented via subscriber account settings orpreferences.

In the example of FIG. 24, in operation, the network traffic analysisengine 2406 analyzes traffic from one or more devices, including thewireless device 2402-1. The network service usage classification engine2408 predicts the amount of resources needed for service classes, andthe differential network access control engine 2410 dynamicallyallocates resources on an as-needed basis to adjust the service classesthat are available to the one or more devices and/or adjusts devicebehavior for a subset of the one or more devices or instructs a subsetof the one or more devices to adjust device behavior such that thedevice consumes service class-specific resources in accordance with anaccess control policy appropriate for the resources allocated to theapplicable service classes.

FIG. 25 depicts a diagram an example of a differential access controlnotification system 2500. In the example of FIG. 25, the system 2500includes a network service usage analysis engine 2502, a network serviceusage classification engine 2504, a differential network access controlengine 2506, a network service usage control policy datastore 2508, anetwork service usage notification engine 2510, a user interface 2512,and a service plan update engine 2514.

In the example of FIG. 25, the network service usage analysis engine2502 analyzes network service usage activity. The analysis can includean analysis of traffic sent to or from a device, an application runningon a device, a request for services, or other analysis that isinformative of past, current, or future network service usage. Forexample, the network service usage activity can include an attempt todownload or load an application onto the communications device, anattempt to execute the network service activity or the network serviceusage activity attempts to access the network, meeting or exceeding anetwork service usage threshold, satisfying a network service usagepre-condition, an update to a network capacity controlled serviceactivity classification list, an update to a network capacity controlledservices policy, and a network message is sent to the device triggeringthe notification, to name several by way of example. The analysis canoccur on a non-WAP station, a WAP or base station, a server, or partlyon one of these devices or some other device.

In the example of FIG. 25, the network service usage classificationengine 2504 is coupled to the network service usage analysis engine2502. The network service usage classification engine 2504 classifiesthe analyzed network service usage into one or more service classes. Theclassification can occur on a non-WAP station, a WAP or base station, aserver, or partly on one of these devices or some other device.

In the example of FIG. 25, the differential network access controlengine 2506 is coupled to the network service usage classificationengine 2504. The differential network access control engine 2506determines network access parameters using the service classesassociated with the network service usage activity and network serviceusage control policies stored in the network service usage controlpolicy datastore 2508. The determination can occur on a non-WAP station,a WAP or base station, a server, or partly on one of these devices orsome other device. The network service usage control policy datastore2508 can be implemented on a wireless device, but it is also possible tomaintain the datastore remotely relative to the device (e.g., on aserver). In a specific implementation, even if the network service usagecontrol policy datastore 2508 is maintained remotely relative to thewireless device, the wireless device will still have a network serviceusage control policy implemented.

A datastore can be implemented, for example, as software embodied in aphysical computer-readable medium on a general- or specific-purposemachine, in firmware, in hardware, in a combination thereof, or in anapplicable known or convenient device or system. Datastores in thispaper are intended to include any organization of data, includingtables, comma-separated values (CSV) files, traditional databases (e.g.,SQL), or other applicable known or convenient organizational formats.Datastore-associated components, such as database interfaces, can beconsidered “part of” a datastore, part of some other system component,or a combination thereof, though the physical location and othercharacteristics of datastore-associated components is not critical foran understanding of the techniques described in this paper.

Datastores can include data structures. As used in this paper, a datastructure is associated with a particular way of storing and organizingdata in a computer so that it can be used efficiently within a givencontext. Data structures are generally based on the ability of acomputer to fetch and store data at any place in its memory, specifiedby an address, a bit string that can be itself stored in memory andmanipulated by the program. Thus some data structures are based oncomputing the addresses of data items with arithmetic operations; whileother data structures are based on storing addresses of data itemswithin the structure itself. Many data structures use both principles,sometimes combined in non-trivial ways. The implementation of a datastructure usually entails writing a set of procedures that create andmanipulate instances of that structure.

In the example of FIG. 25, the network service usage notification engine2510 is coupled to the differential network access control engine 2506and the network service usage control policy datastore 2508. The networkservice usage notification engine 2510 is configured to generate anotification sufficient to indicate relevant access control information.For example, the notification could indicate what network service usageactivities are network capacity controlled services, the type of networkservice policy in effect for one or more network capacity controlledservices, that a network service activity belongs to a network capacitycontrolled services classification, that a service activity that isclassified as network capacity controlled services classification canhave the classification changed, that if the service class is changedfor the network service activity that the associated network serviceusage charges will change, a service plan upgrade/downgrade offer, andan offer for a service plan that provides discounts and/or incentivesfor responding to one or more user notifications for protecting networkcapacity, to name several by way of example.

The notification may or may not also include a user preferenceselection. For example, the notification could include a provision toassociate a network service usage control policy with the networkservice usage activity, an over-ride option for selecting the networkservice usage control policy, a modify option to select the serviceusage control policy, and a select option to select a new service plan,to name several by way of example. Other examples include networkservice usage activity information for one or more network capacitycontrolled services, predicted network service usage activityinformation for one or more network capacity controlled services, anoption for obtaining more information about the network service usage ofthe network service usage activity, a message that the network serviceusage activity may result in network service usage that exceeds athreshold for a service plan associated with the device, an option toreview or select an alternative service plan, an acknowledgementrequest, and an option to submit the acknowledgement request, to nameseveral more by way of example.

In the example of FIG. 25, the user interface 2512 is coupled to thenetwork service usage notification engine 2510. It may be noted thatnotifications can be disposed of by consulting user preferences (e.g.,when a user indicates that maximum performance or minimum cost should beautomatically selected). However, unless subscriber preferences are setas a default, a user is likely to have notifications displayed in the UI2512. The notification can be in an applicable known or convenient form,such as SMS, email, a popup window, or the like. To the extent aresponse is permitted, a user can input a response to the notificationusing an input device (not shown).

In the example of FIG. 25, the service plan update engine 2514 iscoupled to the UI 2512. As was previously mentioned, the UI can bebypassed because of, e.g., user preferences that are determinative of aselection provided in the notification. Regardless of how the selectionassociated with the notification is made, the service plan update engine2514 can update a service plan, network service usage control policy,user preferences, or other parameters in accordance with the selection.The service plan update engine 2514 can also update accounting if costsaccrue.

FIG. 26 depicts an example of a computer system 2600 on which techniquesdescribed in this paper can be implemented. The computer system 2600 maybe a conventional computer system that can be used as a client computersystem, such as a wireless client or a workstation, or a server computersystem. The computer system 2600 includes a computer 2602, I/O devices2604, and a display device 2606. The computer 2602 includes a processor2608, a communications interface 2610, memory 2612, display controller2614, non-volatile storage 2616, and I/O controller 2618. The computer2602 may be coupled to or include the I/O devices 2604 and displaydevice 2606.

The computer 2602 interfaces to external systems through thecommunications interface 2610, which may include a modem or networkinterface. It will be appreciated that the communications interface 2610can be considered to be part of the computer system 2600 or a part ofthe computer 2602. The communications interface 2610 can be an analogmodem, ISDN modem, cable modem, token ring interface, satellitetransmission interface (e.g. “direct PC”), or other interfaces forcoupling a computer system to other computer systems.

The processor 2608 may be, for example, a conventional microprocessorsuch as an Intel Pentium microprocessor or Motorola power PCmicroprocessor. The memory 2612 is coupled to the processor 2608 by abus 2670. The memory 2612 can be Dynamic Random Access Memory (DRAM) andcan also include Static RAM (SRAM). The bus 2670 couples the processor2608 to the memory 2612, also to the non-volatile storage 2616, to thedisplay controller 2614, and to the I/O controller 2618.

The I/O devices 2604 can include a keyboard, disk drives, printers, ascanner, and other input and output devices, including a mouse or otherpointing device. The display controller 2614 may control in theconventional manner a display on the display device 2606, which can be,for example, a cathode ray tube (CRT) or liquid crystal display (LCD).The display controller 2614 and the I/O controller 2618 can beimplemented with conventional well known technology.

The non-volatile storage 2616 is often a magnetic hard disk, an opticaldisk, or another form of storage for large amounts of data. Some of thisdata is often written, by a direct memory access process, into memory2612 during execution of software in the computer 2602. One of skill inthe art will immediately recognize that the terms “machine-readablemedium” or “computer-readable medium” includes any type of storagedevice that is accessible by the processor 2608 and also encompasses acarrier wave that encodes a data signal.

The computer system 2600 is one example of many possible computersystems which have different architectures. For example, personalcomputers based on an Intel microprocessor often have multiple buses,one of which can be an I/O bus for the peripherals and one that directlyconnects the processor 2608 and the memory 2612 (often referred to as amemory bus). The buses are connected together through bridge componentsthat perform any necessary translation due to differing bus protocols.

Network computers are another type of computer system that can be usedin conjunction with the teachings provided herein. Network computers donot usually include a hard disk or other mass storage, and theexecutable programs are loaded from a network connection into the memory2612 for execution by the processor 2608. A Web TV system, which isknown in the art, is also considered to be a computer system, but it maylack some of the features shown in FIG. 26, such as certain input oroutput devices. A typical computer system will usually include at leasta processor, memory, and a bus coupling the memory to the processor.

In addition, the computer system 2600 is controlled by operating systemsoftware which includes a file management system, such as a diskoperating system, which is part of the operating system software. Oneexample of operating system software with its associated file managementsystem software is the family of operating systems known as Windows®from Microsoft Corporation of Redmond, Wash., and their associated filemanagement systems. Another example of operating system software withits associated file management system software is the Linux operatingsystem and its associated file management system. The file managementsystem is typically stored in the non-volatile storage 2616 and causesthe processor 2608 to execute the various acts required by the operatingsystem to input and output data and to store data in memory, includingstoring files on the non-volatile storage 2616.

FIG. 27 depicts a diagram of an example of a system 2700 forapplication-specific differential network access control. In the exampleof FIG. 27, the system 2700 includes a network service consumingapplication 2702, a network service usage analysis engine 2704, anapplication behavior datastore 2706, a network service usageclassification engine 7708, an application traffic prioritization engine2710, a network service usage control policy datastore 2712, adifferential network access control engine 2714, an application trafficcache 2716, an application traffic override engine 2718, and a networkinterface 2720. The system 2700 is intended to represent a specificimplementation of techniques described previously in this paper forillustrative purposes. The techniques may be applicable to an applicableknown or convenient (wired or wireless) device for which there is amotivation to control network service usage.

In the example of FIG. 27, the network service consuming application2702 is a application that is implemented on a device. In an expecteduse, the application is a software application stored at least in partin memory on a wireless device, though kernel-level instructions couldbe implemented as firmware or even hardware. The application can bereferred to as “running” on the device or as being “executed” by thedevice in accordance with known uses of those terms. Wireless media areknown to have more bandwidth constraints, which is why a wireless deviceis an expected use, though the technique may be applicable to wireddevices in certain situations.

In the example of FIG. 27, the network service usage analysis engine2704 is coupled to the network service consuming application 2702. Thenetwork service usage analysis engine 2704 analyzes traffic from thenetwork service consuming application 2702 and stores relevant data inthe application behavior datastore 2706. The data can include alltraffic that is sent by the application, or a subset of the traffic(e.g., that which has a certain QoS classification or priority, thatwhich has high resource consumption due to frequent transmission fromthe application, that which is sent to a particular destination, etc.)The data can also include traffic that is received for the application.The application behavior datastore 2706 can alternatively or in additionbe implemented as a traffic source/destination datastore, which can bevaluable if differential access control is based upon the source and/ordestination of traffic. The application behavior datastore 2706 includesdata structures (e.g., records) representative of data that is organizedwith implementation-specific granularity. For example, the datastructures could be representative of frames (L2), packets (L3), ormessages. (It may be noted that the term “packets” is often used to meancollections of data that are not limited to L3.) The desired granularitymay depend upon where the network service usage analysis engine 2704 islocated. Whether the data structures are changed over time (e.g., tochange data associated with a record), replaced as records age, ormaintained as historical data is also implementation-specific.

In the example of FIG. 27, the network service usage classificationengine 2708 is coupled to the network service usage analysis engine 2704and the application behavior datastore 2706. The network service usageclassification engine 2708 can categorize the traffic stored in theapplication behavior datastore 2706 based on, e.g., network type, timeof day, connection cost, whether home or roaming, network busy state,QoS, and whether the particular service usage activity is in foregroundof user interaction or in the background of user interaction, or othercharacteristics that are obtained from network service usage analysis orthrough other means. Classification rules can include, for example,examining if one or more of the following has taken place within aspecified period of time: user has interacted with the device, user hasinteracted with the service usage activity, user has picked up thedevice, service usage activity UI content is in the foreground of thedevice UI, audio or video information is being played by the serviceusage activity, a certain amount of data has been communicated by theservice usage activity, service usage activity is or is not on aforeground or background service list. Rules that define which serviceusage activities to classify as, e.g., background service usageactivities can be user-selected, set by a service provider, or throughsome other applicable means.

Advantageously, the network service usage analysis engine 2704 canexamine a particular service usage activity and the network serviceusage classification engine 2708 can determine if the particular serviceusage activity fits a set of one or more classification rules thatdefine the particular service usage activity as, e.g., a backgroundservice usage activity.

In the example of FIG. 27, the application traffic prioritization engine2710 uses a policy stored in the network service usage control policydatastore 2712 to determine an appropriate prioritization for traffic toand/or from the network service consuming application 2702.Prioritization can enable the system 2700 to fine-tune the amount ofnetwork resources consumed by the network service consuming application2702, or the rate of network resource consumption. The control policycan require applications to throttle network resource consumption,prohibit the use of network resources by certain applications, etc.

Advantageously, the application traffic prioritization engine 2710 candetermine a particular service usage activity has a particularcharacteristic, such as being a background service usage activity. Thiscan involve checking whether a condition is satisfied.

In the example of FIG. 27, the differential network access controlengine 2714 is coupled to the application traffic prioritization engine2710 and the network service usage control policy datastore 2712. Thedifferential network access control engine 2714 causes the networkservice consuming application 2702 traffic to be queued in theapplication traffic cache 2716. (If no throttling is required to followthe control policy, of course, the traffic need not be cached anywhereother than is typical, such as in an output buffer.) The applicationtraffic cache 2716 is intended to represent a cache that is implementedon top of an output buffer or other standard caching device, and is usedby the differential network access control engine 2714 to facilitatecontrol over “rogue” applications, applications having anomalousbehavior, or applications that must otherwise be controlled to conformwith the control policy.

Advantageously, the differential network access control engine canrestrict network access of a particular service usage activity when acondition is satisfied, such as when the service usage activity is abackground activity.

In the example of FIG. 27, the application traffic override engine 2718is coupled to the differential network access control engine 2714 andthe application traffic cache 2716. The application traffic overrideengine 2718 enables a user or device to deviate from the control policy.Such deviation can be prompted by, for example, an incentive offer or anotification of cost.

In an illustrative example, the device 2700 blocks chatter for anapplication running in the background that is attempting to reportdevice or user behavior. The application traffic prioritization engine2710 determines that the chatter has zero priority, such that thenetwork service consuming application 2702 is prevented from consumingany resources. The user can be sent a notification by the applicationtraffic override engine 2718 that their control policy prohibits theapplication from consuming network resources, but that the user can optto deviate from the control policy if they are willing to pay for theconsumed resources. If the user is willing to pay for the resources,traffic can be sent at a certain rate from the application traffic cache2716 through the network interface 2720, or perhaps sent without usingthe application traffic cache 2716.

As another illustrative example, the device 2700 could identifyapplication traffic as a software update. The differential networkaccess control engine 2714 may determine that software updates can bereceived at a throttled rate (perhaps even slower than the lowest QoScategorization). The application traffic override engine 2718 canreceive an indication from the user, from user preferences, serviceprovider settings, or the like that the updates can ignore the controlpolicy for a particular application (or for all applications).

Advantageously, the control policy can set up a priority to communicatecached elements, set minimum update frequencies, provide control policyoverrides (typically for payment), or the like to fine-tune differentialnetwork access control policies. This can enable the system 2700 toencourage certain behavior, such as sending low QoS traffic when it ischeaper (e.g., when the network does not have a busy state, athistorically low-use times of day, when on a certain type of network,such as Wi-Fi, as opposed to another, such as cellular, etc.).

FIG. 28 depicts an example of a system 2800 for flow tracking. In theexample of FIG. 28, the system 2800 includes a network 2802, a contentdatastore 2804, a network element 2806, and a service policy implementeddevice 2808.

In the example of FIG. 28, the network 2802 is intended to include anapplicable communications network such as the Internet, a publicswitched telephone network (PSTN), an infrastructure network (e.g.,private LAN), or some other network that is capable of acting as a linkbetween the various components depicted in FIG. 2. The term “Internet”as used herein refers to a network of networks which uses certainprotocols, such as the TCP/IP protocol, and possibly other protocolssuch as the hypertext transfer protocol (HTTP) for hypertext markuplanguage (HTML) documents that make up the World Wide Web (the web). APSTN can include wired or wireless (e.g., 4G/3G/2G) network operated by,for example, a central provider. An infrastructure network that offerswireless connectivity can include wired and wireless devices incommunication with wireless access points (WAPs). The wired and wirelessdevices can include various network equipment including by way ofexample but not limitation a cable network head end, a DSL networkDSLAM, a fiber network aggregation node, and/or a satellite networkaggregation node.

The network 2802, if it includes a wireless network, will typicallyinclude an internetworking unit (IWU) that interconnects wirelessdevices on the network 2802 with another network, such as a wired LAN onthe network 2802. The IWU is sometimes referred to as a wireless accesspoint (WAP). In the IEEE 802.11 standard, a WAP is also defined as astation. Thus, a station can be a non-WAP station or a WAP station. In acellular network, the WAP is often referred to as a base station. Thenetwork 2802 can be implemented using an applicable technology, whichcan differ by network type or in other ways. The network 2802 caninclude networks of any appropriate size (e.g., metropolitan areanetwork (MAN), personal area network (PAN), etc.). Broadband wirelessMANs may or may not be compliant with IEEE 802.16, which is incorporatedby reference. Wireless PANs may or may not be compliant with IEEE802.15, which is incorporated by reference. Networks can be identifiableby network type (e.g., 2G, 3G, WiFi), service provider, WAP/base stationidentifier (e.g., WiFi SSID, base station and sector ID), geographiclocation, or other identification criteria.

In the example of FIG. 28, the network 2802 is coupled to the contentdatastore 2804. The content datastore 2804 is intended to illustrate anyapplicable content that is accessed by the service policy implementeddevice 2808. A datastore can be implemented, for example, as softwareembodied in a physical computer-readable medium on a general- orspecific-purpose machine, in firmware, in hardware, in a combinationthereof, or in an applicable known or convenient device or system.Datastores in this paper are intended to include any organization ofdata, including tables, comma-separated values (CSV) files, traditionaldatabases (e.g., SQL), or other applicable known or convenientorganizational formats. Datastore-associated components, such asdatabase interfaces, can be considered “part of” a datastore, part ofsome other system component, or a combination thereof, though thephysical location and other characteristics of datastore-associatedcomponents is not critical for an understanding of the techniquesdescribed in this paper.

Datastores can include data structures. As used in this paper, a datastructure is associated with a particular way of storing and organizingdata in a computer so that it can be used efficiently within a givencontext. Data structures are generally based on the ability of acomputer to fetch and store data at any place in its memory, specifiedby an address, a bit string that can be itself stored in memory andmanipulated by the program. Thus some data structures are based oncomputing the addresses of data items with arithmetic operations; whileother data structures are based on storing addresses of data itemswithin the structure itself. Many data structures use both principles,sometimes combined in non-trivial ways. The implementation of a datastructure usually entails writing a set of procedures that create andmanipulate instances of that structure.

In the example of FIG. 28, the network element 2806 is coupled to thenetwork 2802 and includes hardware 2810 and a network stack 2812. Inoperation, the network stack 2812 can be implemented as an engine on thehardware 2810. As used in this paper, an engine includes a dedicated orshared processor and, typically, firmware or software modules that areexecuted by the processor. Depending upon implementation-specific orother considerations, an engine can be centralized or its functionalitydistributed. An engine can include special purpose hardware, firmware,or software embodied in a computer-readable medium for execution by theprocessor. As used in this paper, a computer-readable medium is intendedto include all mediums that are statutory (e.g., in the United States,under 35 U.S.C. 101), and to specifically exclude all mediums that arenon-statutory in nature to the extent that the exclusion is necessaryfor a claim that includes the computer-readable medium to be valid.Known statutory computer-readable mediums include hardware (e.g.,registers, random access memory (RAM), non-volatile (NV) storage, toname a few), but may or may not be limited to hardware.

In the example of FIG. 28, the service policy implemented device 2808 iscoupled to the network element 2806. As the name suggests, the servicepolicy implemented device 2808 has an implemented service policy.Cellular phones often have implemented service policies, such as thosedescribed previously in this paper, but the service policy implementeddevice 2808 need not necessarily be limited to a cellular phoneimplementation. In an embodiment, the service policy implemented device2808 includes any applicable computing device on which a service policyis implemented. The service policy implemented device 2808 can implementdevice-assisted services as described in this paper.

The service policy implemented device 2808 includes an initiator 2814,an optional control application 2816, and a proxy 2818. In operation,the initiator 2814, optional control application 2816, and proxy 2818can be implemented as engines. In an instance and/or embodiment in whichthe optional control application 2816 is not present, the initiator 2814can invoke the proxy 2818 through, e.g., a media service API. Where theoptional control application 2816 is not necessary, the initiator 2814will typically include an app that is capable of its own rendering orcontrol. The optional control application 2816 can include a renderingor control application that invokes the proxy 2818 on behalf of theinitiator 2814. This can be useful for a requesting app that does notinclude rendering or control capabilities, such as an audio file. Inthis particular example, the optional control application 2816 caninclude a media player that has been registered to handle attempts tocertain audio files, much like a program on a personal computer can beregistered to handle files of certain types (e.g., on a personalcomputer, an attempt to open a Word document results in launchingMicrosoft Word to open the Word document because Microsoft Word has beenregistered to handle files of that type on the personal computer).Proxies 2818 can include download, media (e.g., streaming audio,streaming video, etc.), VoIP, instant messaging (IM), videoconference/IM (including, e.g., a 2-way video client), backup, or othermanagers/services.

In operation, traffic can be tagged at various points. For example,traffic can be tagged at an activity stack between the initiator 2814and the optional control application 2816. As another example, trafficcan be tagged at a manager/service API between the optional controlapplication 2816 and the proxy 2818 (or in an instance or embodimentthat does not include the optional control application 2816, at amanager/service API between the initiator 2814 and the proxy 2818). Asanother example, traffic can be tagged at a network interface betweenthe proxy 2818 and the network stack 2812.

The example of FIG. 28 will now be used to illustrate a specificimplementation with reference to actual apps by name by way of example,but not limitation. An initiator (skysport) triggers a controlapplication (HTC player) to utilize a proxy (media service). Theactivity stack and API data from the HTC player are provided to aclassification and enforcement engine. The technique used to obtaintraffic information for the purpose of tagging can be by, for example, ahook, call-back, injection point, broadcast receiver, intent filter, orsome other applicable mechanism. In this way, traffic from a thread thatis identified as that of the media server can be attributed to skysport,and appropriate policy (e.g., traffic control, notification, andbilling) can be enforced. Similarly, traffic from a thread that isidentified as that of HTC player can be attributed to skysport andappropriate policy can be enforced.

After tagging a flow, it may be desirable to act on the flow in variousways related to the relevant service policy. For example, a mobile datalimit can be set. Advantageously, it is possible to go to each app torestrict background and/or foreground data. It is also possible todisable background for a device across the board. Because of the way theflow is tagged, an app will not even be aware of restrictions to, e.g.,background data.

FIG. 29 depicts a flowchart 2900 of an example of a method of flowtracking. For illustrative purposes, a mapping (flow tracking) of anapplication is depicted to the right of the flowchart 2900. In theexample of FIG. 29, the flowchart 2900 starts at module 2902 withactivating A. In this example, A is intended to identify an electronictraffic source, such as a URL, phone number, or other applicablemechanism for forming a connection such that data can flow between aservice policy implemented device and some other device. Thus,activating A can entail clicking on a URL, dialing a phone number, orinitiating a connection with another device in some other applicablemanner. The data can flow in one direction or in more than onedirection, depending upon the instance and/or implementation.

In the example of FIG. 29, the flowchart 2900 continues to module 2904with an initiator calling an activity stack. In this paper, the activitystack is located between an initiator (e.g., a file and systemcomponents that identify the control app) and a control app. Where nocontrol app is used, the term activity stack is not used in favor ofmaking reference to a proxy API. For the purposes of this example, theinitiator is the engine, component, or otherwise identifiable thing thatis responsible for traffic associated with A. In a system that tracksservice usage for the purpose of implementing a service policy in amanner that is described in this paper, it may be desirable to be ableto identify the initiator and charge for the traffic appropriately. (Asopposed to, for example, charging the proxy or control app orcontrolling policy in some other manner that is not as finely tuned.) Itmay be noted that the activity stack is located between an initiator anda control app, but if there is no control app, the initiator insteadcalls a service API. The initiator can be mapped to A at the activitystack.

In the example of FIG. 29, the flowchart 2900 continues to module 2906with a control app calling a service API to handle A. An example of acontrol app that could be used in this manner is the HTC player (or someother media player). In a specific example, the HTC player could beregistered to handle files of a certain type. (For the sake of thisexample, let us assume it is registered to handle “audio files”). A usercould click on audio file content of a website. The audio file itselfdoes not have rendering capabilities; so the HTC player runs on theaudio file's behalf to play the audio file for a user. The control appcan be mapped to A at the service API.

In the example of FIG. 29, the flowchart 2900 continues to module 2908with a proxy opening a network connection to A. Naturally, opening aconnection to A can require certain actions by the proxy, such asfinding A in a network. In a specific implementation, the proxy uses anIP lookup to find an IP address (generally having a format 1.2.3.4). Theproxy can be mapped to A at the network interface. It is possible that Awill have moved to B, in which case a DNS request can be used to find B.If that happens, A can be mapped to B, and the thread can be trackedback to A and, ultimately, the initiator.

In the example of FIG. 29, the flowchart 2900 continues to module 2910with data flowing from A to the proxy (or from B to the proxy if A wasmoved to B). The traffic of the data flow can be tagged, and because theinitiator, control app (if applicable), and proxy were all mapped to A,it is possible to figure out that the network resources can be chargedto A (or to some other component to which the traffic has been mapped,if applicable).

In the example of FIG. 29, the flowchart 2900 continues to module 2912with the proxy talking to the control app and to module 2914 with thecontrol app controlling the content. Thus, in the example where A is anaudio file and the control app is an audio player, the proxy providesstreamed audio to the player, which plays the audio content for a user.As was previously noted, the content can be matched to the location ofthe content (e.g., on a website) and can be treated in a manner that isappropriate for an active service policy.

In the example of FIG. 29, the flowchart 2900 ends at module 2916 withcharging traffic associated with A to the initiator. It may be notedthat traffic tagging can occur at different points in the network stack,such as at socket flows or IP packet transmissions. Also, an initiatorcould at least in theory have any number of intervening apps between theinitiator and the proxy, and traffic could be tagged between each app.Advantageously, it is possible to track whether apps have othercharacteristics. For example, tracking is possible when in foreground orbackground. This can include background service protocols and backgroundnetwork access. This can have an impact on how traffic is charged orotherwise controlled in accordance with the applicable service policy.

Traffic tagging may or may not entail the use of hooks. The amount ofcontrol over the proxy will depend upon whether, for example, the proxywas written by the same party that wrote other components of a deviceframework. It is somewhat more likely that a third party will make useof hooks. It may also be desirable to hook at certain locations, such asin the socket, to tag back to a traffic stack “opened socket for thread”and give a socket-to-thread mapping. Combined with an API mapping, it ispossible to map socket-to-app, which can then be pushed to a low levelinterface where traffic can be observed (e.g., a driver, in a kernel,etc.). As was previously discussed, the activity stack makes it possibleto use hooks (if applicable) to map socket-to-control app-to-initiatingapp. Where every packet is counted at, e.g., a firewall, the low levelinterface can see the thread and can map each packet to the appropriateapp even though the counted packets are, e.g., identified as those ofthe proxy. This facilitates traffic can being accurately dropped intothe appropriate service policy buckets.

Tagging traffic flows enables discrete service control policyenforcement. For example, a service policy could block A (or B) inaccordance with a service control policy even if the proxy is notnormally blocked (for example, for other content). Blocking can occur atthe network and is possible even in the case where an initiator calls acontrol app that is not necessarily blocked because tagging happens inthe activity stack. It may also be the case that a control app should beblocked regardless of whether A (or B) should be blocked, which ispossible because the traffic is tagged at the API. It may be noted thatblocking is not the only traffic control policy, and other trafficcontrol policies could be used, as well, such as notification.

In an implementation in which the proxy includes a VoIP manager, theproxy can run encoding/protocols (SIP, H323, etc.). A VoIP servicecontrol cloud can ensure routing to a low latency backbone. The VoIPservice manager can do core functions of VoIP there. An API enablesrunning consistent VoIP services with a consistent set of tools forapps. A VoIP service manager can have special performance features, QoSfunctions, interactive cloud service, and can be charged differently,routed to APN or server, manage offloading to WiFI/2G/3G/4G, manageroaming aspects, and manage presence.

FIG. 30 depicts an example of a system 3000 with a mapped traffic flow.The system 3000 includes a user 3002, a data usage settings datastore3004, system managers 3006, an ItsOn service engine 3008, an app 3010, aproxy 3012, a thread 3014, a socket 3016, and an ItsOn classificationengine 3018. Although reference is made to “ItsOn” in this example, itshould be noted that this is simply one specific implementation, andthat the techniques described in association with this example arebroadly applicable, not limited to any actual ItsOn implementation.

In the example of FIG. 30, a user 3002 can provide data usage settingsto the data usage settings datastore 3004 andstart/stop/foreground/background/ . . . instructions to the systemmanagers 3006. It may be noted that a user agent, network agent, serviceprovider agent, or some other agent can provide data usage settingsinstead of or in addition to the user 3002. Similarly, a user agent,network agent, service provider agent, or some other agent can providestart/stop/foreground/background/ . . . instructions instead of or inaddition to the user 3002.

In the example of FIG. 30, the data usage settings datastore 3004includes service policy that can be accessed by the ItsOn service engine3008. Service policy can be implemented and/or enforced using techniquesdescribed elsewhere in this paper. An example of policy that may be usedby the ItsOn service engine 3008 is “allow app” or “restrict app.”

In the example of FIG. 30, the system managers 3006 (or a system managerthereof) launch the app 3010 and report app state to the ItsOn serviceengine 3008. An example of app state is “call-back on state change.”This can, for example, result in a call-back if an app changes fromrunning in the background to running in the foreground, or vice versa,or when the app is shut down.

In the example of FIG. 30, the app 3010 utilizes an API to trigger theproxy 3012 which in turn passes through a socket connection at thesocket 3016 as traffic. In operation, the app 3010, the proxy 3012, andthe socket 3016 can be implemented as engines. The proxy 3012 generatesthe thread 3014 and registers the thread with the ItsOn service engine3008. The socket 3016 registers the socket connection with the ItsOnservice engine 3008.

In the example of FIG. 30, the ItsOn service engine 3008 has datasufficient to map the socket to the app, using the thread registrationfrom the proxy 3012 and the socket registration from the socket 3016.The ItsOn service engine 3008 sends the socket-to-app mapping to theItsOn classification engine 3018, along with a filter, which can be toallow, block, or perform some other filtering. The ItsOn service engine3008 can be logically (or physically) divided into at least twocomponents: a network policy manager and a traffic stack. The networkpolicy manager can include, e.g., a policy decision point agent. See,e.g., FIG. 3, policy decision point agent 1692. The network policymanager accesses policy in the data usage settings datastore 3004,receives the app state from the system managers 3006, and provides afilter parameter to the ItsOn classification engine 3018. The trafficstack receives the registration of the thread and the registration ofthe socket and provides the socket app map to the ItsOn classificationengine 3018.

In the example of FIG. 30, the ItsOn classification engine 3018 iscapable of enforcing policy for a thread (mapped to an app), including,e.g., traffic control, notification, and/or charging. The ItsOnclassification engine 3018 can be logically (or physically) divided intoat least two components: a firewall (e.g., iptables) and a taggingengine (e.g., qtaguid). The tagging engine receives the socket app mapfrom the traffic stack and provides a tag to the firewall. The firewallreceives the filter from the network policy manager and the tag from thetagging engine and provides a count back to the tagging engine. Thefirewall also filters (e.g., blocks, allows, or performs some otherfiltering) traffic from the socket 3016.

It is becoming increasingly important to associate device access networkservice usage (e.g., network data services usage, voice services usage,etc.) to the applications (e.g., application program, widget, service,process, embedded object, or any combination of these, etc.) that areusing the services. This information may be used in a variety of ways,including but not limited to: (1) classifying service usage to assist auser to understand one or more aspects of service usage (e.g., notifyinga user about which applications are consuming service usage, or how muchservice usage one or more applications are consuming (e.g., amount ofusage); (2) classifying service usage for the purpose of service controlpolicy enforcement (e.g., traffic control, quality-of-service (QoS)control, QoS channel set-up, application-based service classification orusage controls, etc.); (3) classifying service usage for the purpose ofservice charging accounting.

Various embodiments disclosed herein provide a way for device softwareagents, integrated into the device in addition to an operating system oras an integral set of functions in an operating system, to track networkservice usage through a proxy service function back to an originatingapplication that uses the proxy service function o assist intransferring data between a network and the application (e.g.,application program, widget, service, process, embedded object, or anycombination of these, etc.).

In some existing device operating systems, a proxy service function isused to manage the network service flows between the network and anapplication (e.g., application program, widget, service, process,embedded object, or any combination of these, etc.), and the proxyservice is stored in the operating system (OS) as the applicationresponsible for using services rather than the application actuallyusing the network service. For example, in the Android OS, there existsa “media service” OS library software program function that manages thenetwork stack interface for download of network data (typically, but notlimited to, multimedia data). The device makes a request to the mediaservice, which then performs various network stack interface functionsto transfer the network data between the device application and thenetwork. The media service can also process media files to determine howbest to decode the multimedia and play the multimedia on the device userinterface (UI). For example, the media service can determine the mediafiling coding standard (e.g., MP3, MP4, OGG, H.264, VP8, etc.), decodethe media, select a player for the media (e.g., libstagefright (anAndroid streaming service library function), a third-party or OEM mediaplayer, etc.), and send the decoded media to the media player for UIplayback. In the case of the media service, the data flows to thenetwork can be classified by various device service usage monitoringagents (e.g., a kernel agent in the network stack) as belonging to themedia service, not the originating application, and the OS provides nomechanism for tracking the usage back to the originating application.

Another example in the Android OS is the “media” OS library softwareprogram that is used by applications such as the Android browser,Android store app downloader, the Gmail client, OS updater, etc. Themedia function manages network data transfers for such applications,allowing an application to launch a data transfer request and thencontinue other operations while the media service is managing thenetwork data transfer. In the case of the media function, the data flowsto the network can be classified as belonging to the media function, notthe originating application, and the OS provides no techniques ormechanisms to track the usage back to the originating application.

As another example, some higher-level library software functions orframework software functions provide proxy server client functions thatencapsulate native application traffic to send application flows to anetwork proxy server for further network traffic processing, and thisproxy client function sits above the network stack. Examples of thisinclude the Android.net library function, the Apache library function,and the Java.net library function, third-party proxy server clientfunctions or tunneling protocol functions, and other proxy server clientfunctions or tunneling protocol functions.

As another example, there are system services (e.g., DNS, certificatemanagement, etc.) for may OS (e.g., Windows 7 and other Windowsversions). Similar to the OS functions discussed above, these OSfunctions manage data transfer with the OS network stack interface foran originating application, and the device network stack service flowscan be classified back to these OS functions, but not to the originatingapplications.

Disclosed herein are techniques and mechanisms to identify anapplication name, identifier, process, etc. for an application (e.g.,application program, widget, service, process, embedded object, or anycombination of these, etc.) that requests from a media service manager adata transfer (data transfer request) that includes a network resourceidentifier (e.g., an IP address, a URL, a remote file name or address, astream name, an object name, or any combination of these identifiers)that identifies a source (or a proxy to the source) of the data to betransferred or a data object to be transferred. In some embodiments, asoftware agent (e.g., a service classification and accounting agent)identifies the originating application. In some embodiments, thesoftware agent monitors and stores the application name, identifier,process, etc., for each application that requests a data transfer fromthe media service manager or that conducts a data transfer with themedia service manager. In some embodiments, the software agent (e.g.,the service classification and accounting agent) is implemented byincluding a requesting-application storing function in the mediaservices manager. In some embodiments, the software agent (e.g., theservice classification and accounting agent) further identifies andstores information about the network resource identifiers along with theentry specifying the requesting application name, identifier, process,etc.

In some embodiments, techniques or mechanisms within the media servicemanager transfer the requested data from the network resource identifierby mapping the transfer request and network resource identifier into oneor more data flow connections communicated through a device networkingstack (and, in some embodiments, managing the resulting flow of databetween the network and device stack and/or between the network stackand the application).

In some embodiments, techniques or mechanisms are used to identify theresulting network data flows. In some embodiments, a serviceclassification and accounting agent identifies the resulting networkdata flows by monitoring and recording the resulting network data flowidentifiers (e.g., a data flow tag, an IP address, a TCP-IP identifier,a layer 7 identifier, a socket tuple, etc.).

In some embodiments, techniques or mechanisms associate the resultingnetwork data flows back to the application name, identifier, process,etc. For example, in an Android system, the resulting network data flowscan be associated with the UID. In some embodiments, a serviceclassification and accounting agent associates the resulting networkdata flows back to the application name, identifier, process, etc. byinspecting the resulting network data flows to determine a match betweenone or more aspects of the network resource identifier stored inassociation with the requesting application name, identifier, process,etc. In some embodiments, a service classification and accounting agentassociates the resulting network data flows back to the applicationname, identifier, process, etc. by tracking the data flow from theinterface between the media service manager and the application, througheach stage of media service manager data flow processing to theresulting network data flow between the media service manager and thenetwork stack. In some embodiments, virtual tagging is used, and thetracking is accomplished by identifying and recording, at each trafficprocessing step within the media services manager, an associationbetween the traffic flows at one side of the traffic processing step andthe traffic flows at the other side of the traffic processing step. Insome embodiments with more than one traffic-processing step, theassociations made for each step are followed to create an associationfor all steps. In some embodiments, literal tagging is used, and thattracking is accomplished by tagging the data flows at one side of themedia service manager traffic processing and identifying the tag at theother side of the media service manager traffic processing.

In some embodiments, techniques or mechanisms are used to create anaccounting record for the resulting network data flow usage or toenforce a network traffic control policy on the resulting network dataflows, or to create a service usage notification for the resultingnetwork data flow usage.

In some embodiments, the results of the service usage classification oraccounting can be stored in a local device (or operating system)database. The results of the service usage classification or accountingcan be provided to a device (or operating system) user interface (UI)function for the purpose of displaying usage classifications to a user.The results of the service usage classification or accounting can beprovided to other applications, operating system service functions,other device software functions, or network-based service classificationor accounting functions.

In some embodiments, a proxy network service manager refers to anintermediary data flow function in a device operating system that sitson a data path between a device application and a device networkingstack interface to provide a level of network service abstraction fromthe network stack interface, a higher-level service function above thenetwork stack interface, enhanced or special traffic processingfunctions, media service transfer management, file download service,HTTP proxy service functions, quality-of-service (QoS) differentiation,or other similar or related higher-level traffic processing. Examples ofproxy service managers include but are not limited to: a media servicemanager (e.g., the Android media service library function), an e-mailservice manager, a domain name server (DNS) function, a softwaredownload service manager, a media download manager, a data downloadservice manager, an Android “media” library function, the Android.netlibrary function, the Java.net library function, an Apache libraryfunction, other similar software or library functions or services inother device operating systems, an SMTP, IMAP, or POP proxy, an HTTPproxy, an IM proxy, a VPN service manager, an SSL proxy, etc.

In some embodiments, techniques or mechanisms identify an applicationname, identifier, process, etc. for an application (e.g., an applicationprogram, a widget, a service, a process, an embedded object, or anycombination of these, etc.) that requests from a proxy service manager adata transfer (a data transfer request) that includes a network resourceidentifier (e.g., an IP address, a URL, a remote filename or address, astream name, an object name, or any combination of these identifiers,etc.) that identifies a source (or a proxy to the source) of the data tobe transferred or a data object to be transferred. In some embodiments,a service classification and accounting agent identifies the originatingapplication by monitoring and storing the application name, identifier,process, etc. for each application that requests a data transfer fromthe proxy service manager or that conducts a data transfer with theproxy service manager. In some embodiments, the service classificationand accounting agent is implemented by including a requestingapplication storing function in a proxy services manager. In some suchembodiments, the service classification and accounting agent furtheridentifies and stores information about the network resource identifieralong with the entry specifying the requesting application name,identifier, process, etc.

In some embodiments, techniques or mechanisms within the proxy servicemanager are used to transfer the requested data from the networkresource identifier by mapping the transfer request and network resourceidentifier into one or more data flow connections communicated through adevice networking stack (and possibly managing the resulting flow ofdata between the network and device stack or between the network stackand the application).

In some embodiments, techniques or mechanisms are used to identify theresulting network data flows. In some embodiments, a serviceclassification and accounting agent identifies the resulting networkdata flows by monitoring and recording the resulting network data flowidentifiers (e.g., a data flow tag, an IP address, a TCP-IP identifier,a layer 7 identifier, a socket tuple, etc.).

In some embodiments, techniques or mechanisms are used to associate theresulting network data flows back to the application name, identifier,process, etc. For example, in an Android system, the resulting networkdata flows can be associated with the UID. In some embodiments, aservice classification and accounting agent associates the resultingnetwork data flows back to the application name, identifier, process,etc. by inspecting the resulting network data flows to determine a matchbetween one or more aspects of the network resource identifier stored inassociation with the requesting application name, identifier, process,etc. In some embodiments, a service classification and accounting agentassociates the resulting network data flows back to the applicationname, identifier, process, etc. by tracking the data flow from theinterface between the media service manager and the application, througheach stage of media service manager data flow processing to theresulting network data flow between the media service manager and thenetwork stack. In some embodiments, virtual tagging is used, and thetracking is accomplished by identifying and recording, at each trafficprocessing step within the media services manager, an associationbetween the traffic flows at one side of the traffic processing step andthe traffic flows at the other side of the traffic processing step. Insome embodiments with more than one traffic-processing step, theassociations made for each step are followed to create an associationfor all steps. In some embodiments, literal tagging is used, and thattracking is accomplished by tagging the data flows at one side of themedia service manager traffic processing and identifying the tag at theother side of the media service manager traffic processing.

In some embodiments, techniques or mechanisms are used to create anaccounting record for the resulting network data flow usage or toenforce a network traffic control policy on the resulting network dataflows, or to create a service usage notification for the resultingnetwork data flow usage.

In some embodiments, the results of the service usage classification oraccounting can be stored in a local device (or operating system)database. The results of the service usage classification or accountingcan be provided to a device (or operating system) user interface (UI)function for the purpose of displaying usage classifications to a user.The results of the service usage classification or accounting can beprovided to other applications, operating system service functions,other device software functions, or network-based service classificationor accounting functions.

FIGS. 31A and 31B depict a flowchart 3100 of an example of a method ofvirtual tagging. As will be appreciated by a person having ordinaryskill in the art, the number of detailed embodiments are numerous, andthis detailed description is provided for instructive purposes and notto indicate any limitation to the general embodiments described herein.The example references a specific well-known application (Pandora), butthe techniques described are broadly applicable. In the example of FIGS.31A and 31B, the flowchart 3100 starts at module 3102 with Pandoraapplication calls a media service function with a network resourceindicator (NRI) that includes a Pandora URL with a song identifierincluded in the URL descriptor.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3104 with Pandora receives back from the media service function amedia object handle descriptor so that the Pandora application cancontrol playback, etc. by sending commands back to the media servicefunction for that handle descriptor (e.g., pause on xyz song handle,play xyz song handle, etc.).

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3106 with the media service function initiates an HTTP downloadby calling libstagefright, which conducts the HTTP song downloadprocess.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3108 with, at some point in the download process, the mediaservice function begins playback with a media player under the controlof the media service function and in accordance with the Pandoraapplication playback commands for the media object handle for the songbeing played back.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3110 with a classification and accounting agent function includedin the media service function writing the NRI descriptor into a tablelocated in an application usage/flow mapping element.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3112 with the classification and accounting agent functionassociates the NRI with the Pandora application by writing a Pandoraapplication identifier descriptor into the same table entry within theapplication usage/flow mapping element.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3114 with the table entry being communicated to ausage/classification reconciliation element.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3116 with the classification and enforcement agent identifies thenetwork data flows (e.g., socket (e.g., IP address, destination port,source port, protocol, etc.) indexed data flows) originating from themedia service function (and/or possibly the libstagefright functionoriginating the flows), identifies the NRI via packet flow layer 7inspection, and logs the service usage accounting for these packetflows.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3118 the classification and enforcement agent writes into a tableentry the following associations: (1) identifier for the media servicefunction originating the flows (and/or possibly the identifier for thelibstagefright function originating the flows), (2) the NRI, (3) theservice usage classification for these flows and accounting for theseflows, and (4) possibly the service usage accounting for these flows.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3120 with this table entry being communicated to theusage/classification reconciliation element.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3122 with the usage/classification reconciliation element usingthese two table entries, which both have common entries for the NRI andthe media service function (and/or possibly the libstagefright function)to make the association between the Pandora application and the serviceusage classification and possibly the service usage accounting.

In the example of FIGS. 31A and 31B, the flowchart 3100 continues tomodule 3124 with these parameters may then be written into theusage/classification database.

FIG. 32 depicts an example of a system 3200 for classification mappingusing virtual tagging. The system 3200 includes an application 3202, acontrol application 3204, a proxy service manager 3206, a network stack(driver) 3208, traffic processes 3210-1 to 3210-N (collectively, trafficprocesses 3210), a flow tracking agent 3212, an application usage/flowmapping engine 3214, a usage/classification reconciliation engine 3216,a usage/classification datastore 3218, a user interface (UI) engine3220, and an application interface engine 3222. In operation, theapplication 3202, control application 3204, proxy service manager 3206,network stack (driver) 3208, and flow tracking agent 3212 areimplemented as engines.

In the example of FIG. 32, the application 3202 may or may not,depending upon instance and/or implementation, need to use the controlapplication 3204 (e.g., to render content) and/or the proxy servicemanager 3206. This is represented by the three double arrows from theapplication 3202 to the control application 3204, the proxy servicemanager 3206, and the network stack (driver) 3208.

In the example of FIG. 32, traffic processes associated with theapplication 3202 are depicted as traffic processes 3210. The flowtracking agent 3212 can obtain information about the traffic processes3210 at the start and end of the traffic flow that comprises the trafficprocesses 3210. The start and end are intended to illustrate, forexample, a hook, call-back, injection point, etc., at a proxy servicemanager API (the start) and at a socket connection (the end). It may benoted that in an instance or embodiment where the application 3202 doesnot use the proxy service manager 3206, data at the socket willaccurately identify the app as the initiator of the data flow. In aninstance or embodiment where the application 3202 uses the proxy servicemanager 3206, data at the socket will be insufficient to identify theapplication 3203 as the initiator of the data flow, making it desirableto add a virtual tag at the proxy API or some other applicable upstreamlocation. In an instance or embodiment where the application 3203 usesthe control application 3204, an additional virtual tag is necessitatedat the activity stack.

In the example of FIG. 32, the virtual tags are sent from the flowtracking agent 3212 to the app usage/flow mapping engine 3214, whichcommunicates with the usage/classification reconciliation engine 3216,which in turn communicates with the network stack (driver) 3208. Theusage/classification reconciliation engine 3216 can track usage of theapp, classify the app, and to the extent there is disagreement atdifferent system locations, reconcile usage in accordance with rules.The usage/classification reconciliation engine 3216 saves theusage/classification in the usage/classification datastore 3218, whichcan be made available to a user via the user interface 3220 or anapplication via the application interface 3222.

In an alternative embodiment, flow tracking agents are coupled betweentraffic process elements 3210. For example, between traffic process3210-1 and traffic process 3210-2.

In some embodiments, the proxy service manager can perform applicationidentification and classification, usage monitoring, and counting. Thisallows service usage to be classified and associated with an applicationprior to proxy processing. Classification can be accomplished with asoftware agent (e.g., the service classification and accounting agent)added to the proxy service manager software program (or libraryfunction). It may be noted that a software agent, in operation, can beimplemented as an engine. The service classification and accountingproxy agent can identify which application requested or is processingthe data transfer with the network and can include this as part of thedata flow classification for the data transfer. The serviceclassification and accounting proxy agent can inspect the traffic todetermine other parameters such as network destination (e.g., domain,URL, network address, IP address, traffic flow identifier, port address,etc.) or type of traffic (e.g., data or voice, network protocol (e.g.,TCP-IP, UDP, native IP, HTTP, SSL, etc.)). The service classificationand accounting proxy agent can also classify the traffic with otherparameters such as active network, network state (network busy state,time of day, type of network (e.g., 3G, 4G, WiFi, etc.)). The serviceclassification and accounting proxy agent may also monitor service usageand account for traffic.

In some embodiments, the proxy service manager includes a serviceclassification and accounting proxy agent that uses a flow trackingfunction as discussed in a pervious embodiment description to associatethe requesting application network service flows between the requestingapplication and the proxy service manager and tracks these flows throughthe traffic processing or other service processing that takes place inthe proxy service manager and then tracks the network service flows intothe operating system network stack interface. The service classificationand accounting proxy agent can then provide the classification or usageaccounting results to the usage classification and reconciliation agent,which can then reconcile the service classification and usage that isreported by the proxy service manager service classification andaccounting proxy agent against classification or usage accountingresults that are reported by other agents on other parts of the datapath between the requesting application and the network (e.g., a serviceclassification and accounting driver agent located in the network stackdriver that is discussed in various embodiments in other applicationsand patents, that have been incorporated by reference in thecross-reference to related applications section, above).

In some embodiments, the results of the service usage classification oraccounting can be stored in a local device (or operating system)database. The results of the service usage classification or accountingcan be provided to a device (or operating system) UI function for thepurpose of displaying usage classifications to a user. The results ofthe service usage classification or accounting can be provided to otherapplications, operating service functions, other device softwarefunctions, or network-based service classification or accountingfunctions.

In some embodiments, the proxy service manager encapsulates the receivedframes (or packets) by adding its own header and trailer fields. Theencapsulated frames (or packets) traffic is then forwarded with a header(and possibly trailer) to a network proxy server or proxy gateway. Theencapsulated frames are then forwarded to the network stack, where theservice classification and accounting driver agent inspects the trafficto classify and possibly account for it.

In some embodiments, the classification includes the serviceclassification and accounting driver agent steps of first determiningthat the frame (or packet) is a packet with a proxy forwardingdestination specification, determine the inspection range of proxyencapsulated frame within the encapsulated frame traffic (this is theencapsulated packet byte offset where the destination information and/orother classification information from the original requestingapplication packet is located), then inspecting this byte offset rangeto determine the classification of the original requesting applicationtraffic, and then associating the classification or usage accountingwith the original packet information and/or the requesting application.

In some embodiments, the results of the service usage classification oraccounting can be stored in a local device (or operating system)database. The results of the service usage classification or accountingcan be provided to a device (or operating system) UI function for thepurpose of displaying usage classifications to a user. The results ofthe service usage classification or accounting can be provided to otherapplications, operating service functions, other device softwarefunctions, or network-based service classification or accountingfunctions.

FIG. 33 depicts an example of a media service classification system3300. The system 3300 includes an applications layer 3302, anapplication framework 3304, libraries 3306, a netlink interface 3308,and a Linux kernel 3310. The applications layer 3302 includes an ItsOnUI 3312 and an ItsOn service 3314. Although explicit mention is made ofan ItsOn implementation, the techniques described with reference to thisexample are broadly applicable, and are not limited to any particularItsOn (or other) specific implementation. It may be noted that otherapplications, including system apps (e.g., home, phone, browser,contacts, etc.) and other apps (e.g., news, social network, etc.) canreside in the applications layer 3302, but are omitted to avoidobscuring the drawing.

In the example of FIG. 33, the application framework 3304 includes anactivity manager 3316. It may be noted that other managers, including awindow manager, package manager, telephony manager, location manager,etc. can reside in the application framework 3304, but are omitted toavoid obscuring the drawing. Moreover, other managers can provide datato, e.g., the ItsOn service 3314 that is useful (e.g., the packagemanager can provide an indication that an app is installed), but adetailed description is not necessary for an understanding of thetechniques presented.

In the example of FIG. 33, the libraries 3306 include a media servicesframework datastore 3318 and an android runtime datastore 3320. It maybe noted that other libraries, including surface manager, java.net,android.net, apache, media, WebKit, freetype, SQLite, and libcdatastores can reside in the libraries 3306, but are omitted to avoidobscuring the drawing. The android runtime datastore 3320 can include acore libraries datastore and a dalvik VM datastore, to name two.

In the example of FIG. 33, the netlink interface 3308 couples thelibraries 3306 to the Linux kernel 3310.

In the example of FIG. 33, the Linux kernel 3310 includes an ItsOnfilter 3322 and an ItsOn classification engine 3324. It should be notedthat although the Linux kernel 3310 is described in association with aparticular OS (Linux), the techniques described with reference to thisexample are broadly applicable to other than Linux kernels, OSs, orother applicable engines. It may be noted that other low level devices,including, e.g., a display driver, audio driver, network stack (e.g.,3G/4G, WiFi, others, or a combination), a camera driver, and a keypaddriver can reside in the Linux kernel 3310, but are omitted to avoidobscuring the drawing.

In the example of FIG. 33, in operation, the activity manager 3316(which is called out as a representative manager) can provide runtimestate to the ItsOn service 3314. The ItsOn service 3314 can communicatewith the media service framework datastore 3318 and the android runtimelibrary 3320 (and specifically, for example, core libraries of theandroid runtime library). The media service framework datastore 3318 canprovide a mapping through the netlink interface 3308 to the ItsOnclassification engine 3324 and the ItsOn service 3314 can providefilters through the netlink interface 3308 to the ItsOn classificationengine 3324. The ItsOn UI 3312 can provide a window into the trafficclassification and flow and the ItsOn filter 3322 can facilitateenforcement of applicable policy.

FIG. 34 depicts a proxy encapsulated frame 3400. The frame 3400 includesa proxy header 3402, a header 3404, network traffic payload 3406, and aproxy trailer 3408. The header 3404 corresponds to an inspection rangeof proxy encapsulated frame 3412.

FIG. 35 depicts an example of a system 3500 for proxy client counting.The system 3500 includes a proxy service manager 3502, a proxy/libraryAPI 3504, an app ID 3506, usage classify/count 3508, a trafficprocessing/other services 3510, a service classification and accountingproxy agent 3512, a flow tracking agent 3514, a network stack (driver)3516, a stack API 3518, an app ID/library function ID 3520, usageclassify/count 3522, a service classification and accounting driveragent 3524, a usage/classification reconciliation engine 3526, ausage/classification datastore 3528, a UI interface 3530, an applicationinterface 3532, and a UI 3534.

FIG. 36 depicts an example of a system 3600 for classifying traffic andenforcing a service policy based upon the classification. The system3600 includes a proxy manager 3602, an app traffic flow 3604, a trafficstack 3606, a socket manager 3608, and a traffic classification andenforcement engine 3610. The proxy manager 3602 and the socket manager3608 can be implemented as engines. The traffic stack 3606 can beimplemented as an engine or a datastore. Where the traffic stack 3606 isimplemented as a datastore, the proxy manager 3602, the socket manager3608, the traffic classification and enforcement engine 3610, or someother engine can provide the processor to carry out activities that areattributed to the traffic stack 3606.

In the example of FIG. 36, the proxy manager 3602 tags the app trafficflow 3604 at a first point in the flow. The first point in the flowcorresponds to an API call by an app to the proxy manager 3602, or anequivalent activity. The proxy manager 3602 can identify the app makingthe call and identify the thread that is (or will be) associated withthe app. In this way, the proxy manager 3602 can identify a mapping ofthe app to the app traffic flow 3604. The proxy manager 3602 registersthe thread (e.g., the app-to-flow mapping) at the traffic stack 3606.

In the example of FIG. 36, the socket manager 3608 tags the app trafficflow 3604 at a second point in the flow. The second point in the flowcorresponds to a socket call by the proxy manager 3602 to the socketmanager 3608, or an equivalent activity. The socket manager 3608 canidentify the proxy making the call and identify the thread that isassociated with the proxy. In this way, the socket manager 3608 canidentify a mapping of the proxy to the app traffic flow 3604. The socketmanager 3608 registers the socket (e.g., the proxy-to-flow mapping) atthe traffic stack 3606.

In the example of FIG. 36, the traffic classification and enforcementengine 3610 uses the thread registration to identify the app-to-flow andthe socket registration to identify the proxy-to-flow. Because thetraffic classification and enforcement engine 3610 knows the app calledthe proxy (from the thread registration) and the proxy called the socket(from the socket registration), the traffic classification andenforcement engine 3610 can properly identify the app as the initiatorof the app traffic flow 3604, as opposed to, for example, the proxymanager 3602 that made the socket call. With this knowledge, the trafficclassification and enforcement engine 3610 can use the appropriatetraffic control, notification, and charging policies to control thetraffic, notify relevant parties, and/or assign the app traffic flow3604 to the appropriate bucket or buckets.

In the example of FIG. 36, an optional activity manager 3612 tags theapp traffic flow 3604 at a third point in the flow. The third point inthe flow corresponds to a control application call made on behalf of theapp. The activity manager 3612 can identify the app making the call tothe control application and identify the activity that is associatedwith the app. Conceptually, relative to the description just providedwith reference to the proxy manager 3602 and the socket manager 3608,the activity manager 3612 pushes the app up one more level, such thatthe data flow is from the app to a control application and to the proxy.Using the registered activity, the traffic classification andenforcement engine 3610 can trace the app traffic flow back up the chainto the app, rather than identifying the control application as theinitiator.

FIG. 37 depicts a flowchart 3700 of an example of a method for flowtagging and enforcing service policies associated with an identifiedinitiator of the flow. In the example of FIG. 37, the flowchart 3700starts at module 3702 and ends at module 3712, which include thefollowing: tagging a network activity traffic flow at a first point inthe flow, wherein the first point is associated with an API call to aproxy manager for a thread; registering the thread; tagging the networkactivity traffic flow at a second point in the flow, wherein the secondpoint is associated with a socket call to a socket manager for thethread; registering the socket; using the registration of the thread andthe registration of the socket to determine that the network activitytraffic flow is associated with an initiator of the network activity,wherein the initiator of the network activity is not the proxy manager;and enforcing service policies associated with the initiator of thenetwork activity for the network activity traffic flow.

Unless the context clearly indicates otherwise, the word “or” is used inits broadest sense. The phrase “A or B” thus includes “A only,” “Bonly,” and “A and B.” Phrases of the form “A and/or B” in this documentare sometimes used instead of “A or B” for emphasis. The use of “Aand/or B” is not be interpreted as somehow implying that “A or B” has anarrower meaning than “A only,” “B only,” and “A and B.”

Algorithmic descriptions and representations are the means used by thoseskilled in the data processing arts to effectively convey the substanceof their work to others skilled in the art. An algorithm is here, andgenerally, conceived to be a self-consistent sequence of operationsleading to a desired result. The operations are those requiring physicalmanipulations of physical quantities. Usually, though not necessarily,these quantities take the form of electrical or magnetic signals capableof being stored, transferred, combined, compared, and otherwisemanipulated. It has proven convenient at times, principally for reasonsof common usage, to refer to these signals as bits, values, elements,symbols, characters, terms, numbers, or the like.

It should be borne in mind, however, that all of these and similar termsare to be associated with the appropriate physical quantities and aremerely convenient labels applied to these quantities. Unlessspecifically stated otherwise as apparent from the following discussion,it is appreciated that throughout the description, discussions utilizingterms such as “processing” or “computing” or “calculating” or“determining” or “displaying” or the like, refer to the action andprocesses of a computer system, or similar electronic computing device,that manipulates and transforms data represented as physical(electronic) quantities within the computer system's registers andmemories into other data similarly represented as physical quantitieswithin the computer system memories or registers or other suchinformation storage, transmission or display devices.

The present invention, in some embodiments, also relates to apparatusfor performing the operations herein. This apparatus may be speciallyconstructed for the required purposes, or it may comprise a generalpurpose computer selectively activated or reconfigured by a computerprogram stored in the computer. Such a computer program may be stored ina computer readable storage medium, such as, but is not limited to,read-only memories (ROMs), random access memories (RAMs), EPROMs,EEPROMs, magnetic or optical cards, any type of disk including floppydisks, optical disks, CD-ROMs, and magnetic-optical disks, or any typeof media suitable for storing electronic instructions, and each coupledto a computer system bus.

The algorithms and displays presented herein are not inherently relatedto any particular computer or other apparatus. Various general purposesystems may be used with programs in accordance with the teachingsherein, or it may prove convenient to construct more specializedapparatus to perform the required method steps. The required structurefor a variety of these systems will appear from the description below.In addition, the present invention is not described with reference toany particular programming language, and various embodiments may thus beimplemented using a variety of programming languages.

Although the foregoing embodiments have been described in some detailfor purposes of clarity of understanding, the invention is not limitedto the details provided. There are many alternative ways of implementingthe invention. The disclosed embodiments are illustrative and notrestrictive.

INCORPORATION BY REFERENCE

This document incorporates by reference for all purposes the followingnon-provisional U.S. patent applications: application Ser. No.12/380,778, filed Mar. 2, 2009, entitled VERIFIABLE DEVICE ASSISTEDSERVICE USAGE BILLING WITH INTEGRATED ACCOUNTING, MEDIATION ACCOUNTING,AND MULTI-ACCOUNT, now U.S. Pat. No. 8,321,526 (issued Nov. 27, 2012);application Ser. No. 12/380,780, filed Mar. 2, 2009, entitled AUTOMATEDDEVICE PROVISIONING AND ACTIVATION, now U.S. Pat. No. 8,839,388 (issuedSep. 16, 2014); application Ser. No. 12/695,019, filed Jan. 27, 2010,entitled DEVICE ASSISTED CDR CREATION, AGGREGATION, MEDIATION ANDBILLING, now U.S. Pat. No. 8,275,830 (issued Sep. 25, 2012); applicationSer. No. 12/695,020, filed Jan. 27, 2010, entitled ADAPTIVE AMBIENTSERVICES, now U.S. Pat. No. 8,406,748 (issued Mar. 26, 2013);application Ser. No. 12/694,445, filed Jan. 27, 2010, entitled SECURITYTECHNIQUES FOR DEVICE ASSISTED SERVICES, now U.S. Pat. No. 8,391,834(issued Mar. 5, 2013); application Ser. No. 12/694,451, filed Jan. 27,2010, entitled DEVICE GROUP PARTITIONS AND SETTLEMENT PLATFORM, now U.S.Pat. No. 8,548,428 (issued Oct. 1, 2013); application Ser. No.12/694,455, filed Jan. 27, 2010, entitled DEVICE ASSISTED SERVICESINSTALL, now U.S. Pat. No. 8,402,111, now U.S. Pat. No. 8,402,111(issued Mar. 19, 2013); application Ser. No. 12/695,021, filed Jan. 27,2010, entitled QUALITY OF SERVICE FOR DEVICE ASSISTED SERVICES, now U.S.Pat. No. 8,346,225 (issued Jan. 1, 2013); application Ser. No.12/695,980, filed Jan. 28, 2010, entitled ENHANCED ROAMING SERVICES ANDCONVERGED CARRIER NETWORKS WITH DEVICE ASSISTED SERVICES AND A PROXY,now U.S. Pat. No. 8,340,634 (issued Dec. 25, 2012); application Ser. No.13/134,005, filed May 25, 2011, entitled SYSTEM AND METHOD FOR WIRELESSNETWORK OFFLOADING, now U.S. Pat. No. 8,635,335 (issued Jan. 21, 2014);application Ser. No. 13/134,028, filed May 25, 2011, entitledDEVICE-ASSISTED SERVICES FOR PROTECTING NETWORK CAPACITY, now U.S. Pat.No. 8,589,541 (issued Nov. 19, 2013); application Ser. No. 13/229,580,filed Sep. 9, 2011, entitled WIRELESS NETWORK SERVICE INTERFACES, nowU.S. Pat. No. 8,626,115 (issued Jan. 7, 2014); application Ser. No.13/237,827, filed Sep. 20, 2011, entitled ADAPTING NETWORK POLICIESBASED ON DEVICE SERVICE PROCESSOR CONFIGURATION, now U.S. Pat. No.8,832,777 (issued Sep. 9, 2014); application Ser. No. 13/239,321, filedSep. 21, 2011, entitled SERVICE OFFER SET PUBLISHING TO DEVICE AGENTWITH ON-DEVICE SERVICE SELECTION, now U.S. Pat. No. 8,898,293;application Ser. No. 13/248,028, filed Sep. 28, 2011, entitledENTERPRISE ACCESS CONTROL AND ACCOUNTING ALLOCATION FOR ACCESS NETWORKS,now U.S. Pat. No. 8,924,469; application Ser. No. 13/247,998, filed Sep.28, 2011, entitled COMMUNICATIONS DEVICE WITH SECURE DATA PATHPROCESSING AGENTS, now U.S. Pat. No. 8,725,123 (issued May 13, 2014);application Ser. No. 13/248,025 RALEP043), filed Sep. 28, 2011, entitledSERVICE DESIGN CENTER FOR DEVICE ASSISTED SERVICES, now U.S. Pat. No.8,924,543; application Ser. No. 13/253,013, filed Oct. 4, 2011, entitledSYSTEM AND METHOD FOR PROVIDING USER NOTIFICATIONS, now U.S. Pat. No.8,745,191 (issued Jun. 3, 2014); application Ser. No. 13/309,556, filedDec. 1, 2011, entitled END USER DEVICE THAT SECURES AN ASSOCIATION OFAPPLICATION TO SERVICE POLICY WITH AN APPLICATION CERTIFICATE CHECK, nowU.S. Pat. No. 8,893,009; application Ser. No. 13/309,463, filed Dec. 1,2011, entitled SECURITY, FRAUD DETECTION, AND FRAUD MITIGATION INDEVICE-ASSISTED SERVICES SYSTEMS, now U.S. Pat. No. 8,793,758 (issuedJul. 29, 2014); and application Ser. No. 13/374,959, filed Jan. 24,2012, entitled FLOW TAGGING FOR SERVICE POLICY IMPLEMENTATION, now U.S.Pat. No. 8,606,911 (issued Dec. 10, 2013).

This document incorporates by reference for all purposes the followingprovisional patent applications: Provisional Application No. 61/206,354,filed Jan. 28, 2009, entitled SERVICES POLICY COMMUNICATION SYSTEM ANDMETHOD; Provisional Application No. 61/206,944, filed Feb. 4, 2009,entitled SERVICES POLICY COMMUNICATION SYSTEM AND METHOD; ProvisionalApplication No. 61/207,393, filed Feb. 10, 2009, entitled SERVICESPOLICY COMMUNICATION SYSTEM AND METHOD; and Provisional Application No.61/207,739, entitled SERVICES POLICY COMMUNICATION SYSTEM AND METHOD,filed Feb. 13, 2009; Provisional Application No. 61/270,353, filed onJul. 6, 2009, entitled DEVICE ASSISTED CDR CREATION, AGGREGATION,MEDIATION AND BILLING; Provisional Application No. 61/275,208, filedAug. 25, 2009, entitled ADAPTIVE AMBIENT SERVICES; and ProvisionalApplication No. 61/237,753, filed Aug. 28, 2009, entitled ADAPTIVEAMBIENT SERVICES; Provisional Application No. 61/252,151, filed Oct. 15,2009, entitled SECURITY TECHNIQUES FOR DEVICE ASSISTED SERVICES;Provisional Application No. 61/252,153, filed Oct. 15, 2009, entitledDEVICE GROUP PARTITIONS AND SETTLEMENT PLATFORM; Provisional ApplicationNo. 61/264,120, filed Nov. 24, 2009, entitled DEVICE ASSISTED SERVICESINSTALL; Provisional Application No. 61/264,126, filed Nov. 24, 2009,entitled DEVICE ASSISTED SERVICES ACTIVITY MAP; Provisional ApplicationNo. 61/348,022, filed May 25, 2010, entitled DEVICE ASSISTED SERVICESFOR PROTECTING NETWORK CAPACITY; Provisional Application No. 61/381,159,filed Sep. 9, 2010, entitled DEVICE ASSISTED SERVICES FOR PROTECTINGNETWORK CAPACITY; Provisional Application No. 61/381,162, filed Sep. 9,2010, entitled SERVICE CONTROLLER INTERFACES AND WORKFLOWS; ProvisionalApplication No. 61/384,456, filed Sep. 20, 2010, entitled SECURINGSERVICE PROCESSOR WITH SPONSORED SIMS; Provisional Application No.61/389,547, filed Oct. 4, 2010, entitled USER NOTIFICATIONS FOR DEVICEASSISTED SERVICES; Provisional Application No. 61/385,020, filed Sep.21, 2010, entitled SERVICE USAGE RECONCILIATION SYSTEM OVERVIEW;Provisional Application No. 61/387,243, filed Sep. 28, 2010, entitledENTERPRISE AND CONSUMER BILLING ALLOCATION FOR WIRELESS COMMUNICATIONDEVICE SERVICE USAGE ACTIVITIES; Provisional Application No. 61/387,247,filed September 28, entitled SECURED DEVICE DATA RECORDS, 2010;Provisional Application No. 61/407,358, filed Oct. 27, 2010, entitledSERVICE CONTROLLER AND SERVICE PROCESSOR ARCHITECTURE; ProvisionalApplication No. 61/418,507, filed Dec. 1, 2010, entitled APPLICATIONSERVICE PROVIDER INTERFACE SYSTEM; Provisional Application No.61/418,509, filed Dec. 1, 2010, entitled SERVICE USAGE REPORTINGRECONCILIATION AND FRAUD DETECTION FOR DEVICE ASSISTED SERVICES;Provisional Application No. 61/420,727, filed Dec. 7, 2010, entitledSECURE DEVICE DATA RECORDS; Provisional Application No. 61/422,565,filed Dec. 13, 2010, entitled SERVICE DESIGN CENTER FOR DEVICE ASSISTEDSERVICES; Provisional Application No. 61/422,572, filed Dec. 13, 2010,entitled SYSTEM INTERFACES AND WORKFLOWS FOR DEVICE ASSISTED SERVICES;Provisional Application No. 61/422,574, filed Dec. 13, 2010, entitledSECURITY AND FRAUD DETECTION FOR DEVICE ASSISTED SERVICES; ProvisionalApplication No. 61/435,564, filed Jan. 24, 2011, entitled FRAMEWORK FORDEVICE ASSISTED SERVICES; Provisional Application No. 61/472,606, filedApr. 6, 2011, entitled MANAGING SERVICE USER DISCOVERY AND SERVICELAUNCH OBJECT PLACEMENT ON A DEVICE; Provisional Application No.61/550,906, filed Oct. 24, 2011, entitled SECURITY FOR DEVICE-ASSISTEDSERVICES; and Provisional Application No. 61/589,830, filed Jan. 23,2012, entitled METHODS AND APPARATUS TO PRESENT INFORMATION ABOUT VOICE,MESSAGING, AND DATA SERVICES ON WIRELESS MOBILE DEVICES.

We claim:
 1. A wireless end-user device, comprising: a wireless modemconfigurable to connect to a wireless network; a network stackconfigurable to receive and transmit data via the wireless modem and thewireless network; a first network stack Application ProgrammingInterface (API), containing at least one first call accessible to eachof a plurality of device applications, the first network stack APIcallable by each of the plurality of device applications to open and usedata packet flows via the network stack, the wireless modem, and the atleast one wireless network; a second API containing at least one secondcall accessible to each of the plurality of device applications, thesecond API callable by each of the plurality of device applications tomake a data transfer request for a media object associated with anetwork resource identifier supplied by the calling device application;a media service manager prompted by the second call, to manage networkdata transfers for the media object by interfacing with the networkstack to retrieve the media object associated with the network resourceidentifier via the wireless modem and the wireless network; and one ormore service classification and measurement agents to associate wirelessnetwork data usage for the media object network data transfers with thedevice application that requests the data transfer for the media object,to associate wireless network data usage for respective data packetflows opened and used via the first network stack API with the deviceapplication opening such respective data packet flow, and to reconcilewireless network data usage for each of the plurality of deviceapplications to track an aggregate wireless network data usageattributable to each of the plurality of device applications via boththe first network stack API and the second API.
 2. The wireless end-userdevice of claim 1, wherein to associate wireless network data usage forthe media object network data transfers with the device application thatmakes the data transfer request for the media object comprises toidentify at least one of an application name, an application identifier,or a process identifier for the application that makes the data transferrequest.
 3. The wireless end-user device of claim 2, wherein the datatransfer request comprises a network resource identifier that identifiesa source of the data to be transferred, a proxy to the source of thedata to be transferred, or the media object to be transferred, inparticular, wherein the network resource identifier comprises one ormore of an Internet Protocol address, a Uniform Resource Locator, aremote file name/address, a stream name, and an object name.
 4. Thewireless end-user device of claim 3, wherein to associate wirelessnetwork data usage for the media object network data transfers with thedevice application that makes the data transfer request for the mediaobject further comprises to store an entry comprising the at least oneof the application name, the application identifier, or the processidentifier for each of the device applications that makes a datatransfer request, each stored entry further comprising information aboutthe corresponding network resource identifier for the data transferrequest.
 5. The wireless end-user device of claim 4, wherein the one ormore service classification and measurement agents includes a requestingapplication storing function within the media services manager.
 6. Thewireless end-user device of claim 5, wherein the media service manageris a first media service manager and the requesting application storingfunction is a first requesting application storing function, the devicefurther comprising a second media service manager of a different typethan the first media service manager, the service classification agentincluding a second requesting application storing function within thesecond media service manager.
 7. The wireless end-user device of claim6, further comprising a usage and classification database, the one ormore service classification and measurement agents to receiveapplication association information stored by the first and secondrequesting application storing functions, and to maintain the usage andclassification database based in part on the received applicationassociation information.
 8. The wireless end-user device of claim 3,wherein to manage network data transfers for the media object byinterfacing with the at least one network stack comprises to map thedata transfer request and network resource identifier to one or moredata flow connections communicated through the device network stack. 9.The wireless end-user device of claim 1, further comprising a mediaplayer and a user interface, wherein the media object comprises mediadata that is, as a result of the media service manager management ofnetwork data transfers for the media object, received by the device andplayed by the media player through the user interface.
 10. The wirelessend-user device of claim 9, the media service manager to receive, fromthe application launching the data transfer request, a network resourceindicator that identifies the media object, return to the application amedia object handle descriptor, call a proxy service to perform one ormore network data transfers comprising the media object, accept, fromthe application, commands associated with the media object handledescriptor, and control playback of the media data by the media playerbased on the commands.
 11. The wireless end-user device of claim 1,wherein the one or more service classification and measurement agentscomprise: a requesting application storage agent to, for each deviceapplication that makes a data transfer request using the second API,store application identification information and network resourceidentification information; a network data flow storage agent to, foreach network data flow associated with the media service manager,identify network data flow identification information; and anassociation agent to match the network data flow identificationinformation for a network data flow with application identificationinformation for the network data transfer associated with the networkdata flow.
 12. The wireless end-user device of claim 1, furthercomprising: a local database to store data usage, including data usagefor network data transfers managed by the media service manager onbehalf of a device application, the stored data usage classified bydevice application; a user interface; and a user interface display agentto display the data usage classified by application to a user.
 13. Thewireless end-user device of claim 1, the one or more serviceclassification and measurement agents to further associate one or moretraffic flows, comprising the media object network data transfers, withthe device application that makes the data transfer request, the devicefurther comprising an enforcement agent to, based on the associationbetween the one or more traffic flows and the device application,enforce an application-based usage control on network data usage by oneor more of the device applications.
 14. A method of operating a wirelessend-user device when connected via a wireless modem to a wirelessnetwork, the method comprising: operating a first network stackApplication Programming Interface (API), containing at least one firstcall accessible to each of a plurality of device applications, the firstnetwork stack API callable by each of the plurality of deviceapplications to open and use data flows via a network stack coupled tothe wireless modem; operating a second API containing at least onesecond call accessible to each of the plurality of device applications,the second API callable by each of the plurality of device applicationsto make a data transfer request for a media object associated with anetwork resource identifier supplied by the calling device application;operating a media service manager prompted by the second call, the mediaservice manager managing network data transfers for the media object byinterfacing with the network stack to retrieve the media objectassociated with the network resource identifier via the wireless modemand the wireless network; and associating wireless network data usagefor the media object network data transfers with the device applicationthat requests the data transfer for the media object, associatingwireless network data usage for respective data packet flows opened andused via the first network stack API with the device application openingsuch respective data packet flow, and reconciling wireless network datausage for each of the plurality of device applications to track anaggregate wireless network data usage attributable to each of theplurality of device applications via both the first network stack APIand the second API.
 15. A wireless end-user device, comprising: awireless modem configurable to connect to a wireless network; a networkstack configurable to receive and transmit data via the wireless modemand the wireless network; a first network stack Application ProgrammingInterface (API), containing at least one first call to allow deviceapplications to open and use data flows via the network stack, thewireless modem, and the at least one wireless network; a second APIcontaining at least one second call to allow device applications to makea data transfer request for a media object associated with a networkresource identifier supplied by the device application, wherein the datatransfer request comprises a network resource identifier that identifiesa source of the data to be transferred, a proxy to the source of thedata to be transferred, or the media object to be transferred, inparticular, wherein the network resource identifier comprises one ormore of an Internet Protocol address, a Uniform Resource Locator, aremote file name/address, a stream name, and an object name; a mediaservice manager prompted by the second call, to manage network datatransfers for the media object by interfacing with the network stack toretrieve the media object associated with the network resourceidentifier via the wireless modem and the wireless network; and aservice classification agent to associate wireless network data usagefor the media object network data transfers with the device applicationthat requests the data transfer for the media object, wherein toassociate data usage for the media object network data transfers withthe device application that makes the data transfer request for themedia object comprises to identify and store at least one of anapplication name, an application identifier, or a process identifier forthe application that makes the data transfer request, each stored entryfurther comprising information about the corresponding network resourceidentifier for the data transfer request.
 16. The wireless end-userdevice of claim 15, wherein the service classification agent includes arequesting application storing function within the media servicesmanager.
 17. The wireless end-user device of claim 16, wherein the mediaservice manager is a first media service manager and the requestingapplication storing function is a first requesting application storingfunction, the device further comprising a second media service managerof a different type than the first media service manager, the serviceclassification agent including a second requesting application storingfunction within the second media service manager.
 18. The wirelessend-user device of claim 17, further comprising a usage andclassification reconciliation agent and a usage and classificationdatabase, the usage and classification reconciliation agent to receiveapplication association information stored by the first and secondrequesting application storing functions, and to maintain the usage andclassification database based in part on the received applicationassociation information.
 19. A wireless end-user device, comprising: awireless modem configurable to connect to a wireless network; a networkstack configurable to receive and transmit data via the wireless modemand the wireless network; a first network stack Application ProgrammingInterface (API), containing at least one first call to allow deviceapplications to open and use data flows via the network stack, thewireless modem, and the at least one wireless network; a second APIcontaining at least one second call to allow device applications to makea data transfer request for a media object associated with a networkresource identifier supplied by the device application, wherein the datatransfer request comprises a network resource identifier that identifiesa source of the data to be transferred, a proxy to the source of thedata to be transferred, or the media object to be transferred, inparticular, wherein the network resource identifier comprises one ormore of an Internet Protocol address, a Uniform Resource Locator, aremote file name/address, a stream name, and an object name; a mediaservice manager prompted by the second call, to manage network datatransfers for the media object by interfacing with the network stack toretrieve the media object associated with the network resourceidentifier via the wireless modem and the wireless network, wherein tomanage network data transfers for the media object by interfacing withthe at least one network stack comprises to map the data transferrequest and network resource identifier to one or more data flowconnections communicated through the device networking stack; and aservice classification agent to associate wireless network data usagefor the media object network data transfers with the device applicationthat requests the data transfer for the media object, wherein toassociate data usage for the media object network data transfers withthe device application that makes the data transfer request for themedia object comprises to identify at least one of an application name,an application identifier, or a process identifier for the applicationthat makes the data transfer request.